Back to skill
Skillv1.0.2
VirusTotal security
Snakey · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:28 AM
- Hash
- d8680953de4c98177e51eca52f1464d0fbaa8e0206b4e018ac5db6ecdf8b7ae5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: snakey Version: 1.0.2 The skill is classified as suspicious due to its explicit requirement for the `WALLET_PRIVATE_KEY` environment variable, which is a highly sensitive credential. While this is declared as necessary for interacting with a blockchain-based game and signing payments to `https://api.snakey.ai`, the direct handling of such a critical secret by an AI agent skill introduces significant risk of misuse or compromise. Additionally, the skill installs an external npm package (`@snakey/sdk`), which presents a supply chain risk if the package itself were to be compromised or malicious, even though the skill's direct instructions do not show clear malicious intent.
- External report
- View on VirusTotal