Back to skill
Skillv1.0.1
VirusTotal security
CoinMarketCap Market Overview APIs · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:54 AM
- Hash
- 551a18217fc0f58475c571bd14c92b5fcc42ea22ef4d16fbdfaf33eaefe35bb7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cmc-api-market Version: 1.0.1 The skill bundle is classified as suspicious due to the broad permissions granted to the AI agent, specifically `allowed-tools: - Bash - Read` in `SKILL.md`. While the provided `curl` examples demonstrate legitimate API interactions with `pro-api.coinmarketcap.com` and there is no explicit malicious code or prompt injection attempt within the skill's instructions, granting `Bash` access allows for arbitrary command execution and `Read` allows local file access. These capabilities, if exploited by a malicious user via prompt injection, could lead to remote code execution or data exfiltration, representing a significant vulnerability rather than intentional malice within the skill bundle itself.
- External report
- View on VirusTotal