Back to skill
Skillv0.3.6
VirusTotal security
CoinFello · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:09 AM
- Hash
- c65eb97a409906d1cdb2cb15d703e5547352257bb63b206cabac084353a5551a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: coinfello Version: 0.3.6 The skill manages high-risk cryptocurrency operations, including private key storage and transaction signing. Key indicators include the use of a background signing daemon (`signer-daemon`) that caches authentication via Unix domain sockets, the potential for plaintext private key storage in `config.json` (via the `--use-unsafe-private-key` flag), and the execution of an external CLI via `npx @coinfello/agent-cli@latest` in `SKILL.md`. While these capabilities are aligned with the stated purpose of the CoinFello agent, the architectural choices and sensitive data handling represent a significant security risk and attack surface.
- External report
- View on VirusTotal