Skill v1.0.3
VirusTotal security
CoinMarketCap Crypto APIs · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:54 AM
- Hash: b6cb56ae9b62a53eadcf321fc68b437632a812b75e296b524e8969cdf964b8c4
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: cmc-api-crypto; Version: 1.0.3. The skill is classified as suspicious due to the explicit allowance of the 'Bash' tool in SKILL.md. While the skill's content and all `curl` examples are directed at the legitimate CoinMarketCap API for data retrieval (pro-api.coinmarketcap.com) and show no direct malicious intent, the ability to execute arbitrary shell commands via Bash introduces a significant vulnerability surface (e.g., RCE via prompt injection) if the AI agent's environment is not robustly sandboxed or if user input is not properly sanitized. There is no evidence of intentional malicious behavior within the provided files, but the high-risk capability warrants a 'suspicious' classification.
