Back to skill
Skillv1.0.2
VirusTotal security
CoinMarketCap Exchange APIs · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:54 AM
- Hash
- 29ae422137759b6b54144f70c923a763aa73eb02d98fb8fbbed74f311e92ef88
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cmc-api-exchange Version: 1.0.2 The skill is classified as suspicious due to the explicit allowance of the `Bash` tool in `SKILL.md`. While `Bash` is plausibly needed for the stated purpose of making `curl` API calls to CoinMarketCap, this capability introduces a significant remote code execution (RCE) vulnerability risk if the AI agent's command construction is not robustly sanitized against user input. There is no evidence of intentional malicious code, data exfiltration, or harmful prompt injection attempts within the provided files; all `curl` examples target the legitimate `https://pro-api.coinmarketcap.com` domain.
- External report
- View on VirusTotal