Back to skill
Skillv1.0.1
VirusTotal security
Zynd Agent Network · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:00 AM
- Hash
- 0ae058b273d883dd437675c20126dc85bc45d822bf848e8d9d5ae7a51765f70e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zynd-network Version: 1.0.1 The skill is classified as suspicious due to two main vulnerabilities: 1) The `zynd_register.py` script stores a `secret_seed` (likely a private key for x402 payments) in plain text within a local `config.json` file (`.agent-<name>/config.json`). This poses a significant risk if the local system is compromised, allowing unauthorized access to the agent's payment capabilities. 2) The `zynd_webhook_server.py` script, by default, binds to `0.0.0.0` and exposes a `/messages` endpoint that lists the last 20 received messages, including their content and source IP. Without proper network segmentation or authentication, this could lead to information disclosure if the server is publicly accessible, potentially revealing sensitive user queries or agent interactions. These are significant security flaws, though not clear evidence of intentional malicious design.
- External report
- View on VirusTotal