Back to skill
Skillv1.0.1
VirusTotal security
Gator CLI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:14 AM
- Hash
- 3815b2e1a6f4834f002e52aa35dd9afea9ca719805baa186ec3cd402f269f331
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gator-cli Version: 1.0.1 This skill is designed to operate the `@metamask/gator-cli` for blockchain delegation management. It is classified as suspicious primarily due to the explicit disclosure in `SKILL.md` under 'Operational Notes' that 'Private keys are stored in plaintext JSON.' While this is a vulnerability in the underlying `gator-cli` tool rather than direct malice by the skill author, the skill instructs the agent to interact with a system that handles and stores critical cryptographic material in an insecure manner. Additionally, the `gator` CLI's `redeem` command supports a 'raw' action type, allowing arbitrary `callData` to a target contract, which, if misused (e.g., via prompt injection against the agent), could lead to unauthorized or malicious smart contract interactions.
- External report
- View on VirusTotal