Back to skill
Skillv0.6.1
VirusTotal security
DAO Governance · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 7:13 AM
- Hash
- ce0e52e674cfaa2e459ecf3db667e8dc9edc1f75640007f97e102f75779ef287
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: degov-agent-skills Version: 0.6.1 The skill bundle implements a DAO governance research tool that manages a local EVM wallet on the Base network to handle x402 micropayments for API access. While the code includes security practices such as AES-256-GCM encryption and restricted file permissions (0o600), it contains a significant security weakness in 'wallet-store.ts' where the encryption passphrase is automatically generated and stored in a local file ('wallet-passphrase') within the same directory as the encrypted wallet. This high-risk capability of automated private key management and the potential for unauthorized fund depletion, combined with the weak storage of the decryption key, warrants a suspicious classification despite the lack of clear malicious intent or data exfiltration.
- External report
- View on VirusTotal