Back to skill
Skillv1.0.2
VirusTotal security
Crypto Payments Ecommerce · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:56 AM
- Hash
- e3177837484435f5c32dda189b54aa8f85cb549c5bf982c775211f22e4be1781
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: crypto-payments-ecommerce Version: 1.0.2 The skill is classified as suspicious due to the inclusion of a `curl -fsSL | /bin/bash` command in `SKILL.md` for installation. While presented as a standard installation step for the advertised 'PayRam' software, this method allows for arbitrary code execution from a remote source (github.com/PayRam/payram-scripts/main/setup_payram.sh). This constitutes a significant supply chain vulnerability and a high-risk behavior, as a compromised script or repository could lead to remote code execution on the agent's host system without explicit malicious intent from the skill's author. No direct prompt injection attempts or other clear malicious behaviors were identified.
- External report
- View on VirusTotal