Back to skill
Skillv0.58.1
VirusTotal security
Bankofbots · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:30 AM
- Hash
- 3dac845bd1e0409be2f5bf18df43546c156841e6710349c143e8b54940d084d4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bankofbots Version: 0.58.1 The skill bundle provides a comprehensive framework for agentic financial operations, including wallet binding, USDC loans, and a 2-of-3 treasury Safe. While the behavior is aligned with the stated purpose of 'agentic commerce,' it introduces high-risk capabilities such as a remote command queue (bob inbox check) that allows an external operator to trigger actions like wallet provisioning and fund transfers. Additionally, the instructions encourage downloading and updating a binary (bob-cli) from GitHub and managing private keys locally, which significantly expands the attack surface. No evidence of intentional malice or exfiltration was found, but the combination of remote control and financial privilege warrants a cautious classification.
- External report
- View on VirusTotal