Back to skill
Skillv0.1.0
VirusTotal security
Agent Gary AI Powered Memecoin trader. · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:10 AM
- Hash
- 3eac63f49dc426babe1bed6e499c3801a530ec077bed22e1c8ebe076349cd82e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentic-powered-memecoin-trader Version: 0.1.0 The skill instructs the agent to fetch and execute remote code (`cli.mjs`) from `https://fdv.lol/cli.mjs` or GitHub via `curl | node` as part of its core functionality, as detailed in `SKILL.md`. This introduces a significant supply chain vulnerability, as a compromise of the remote server or GitHub repository could lead to arbitrary code execution on the agent's host. While the skill's stated purpose is to run an agentic memecoin trader with 'Full AI Control' (which inherently involves high financial risk, explicitly noted as 'degen' in `openclaw.example.json`), the direct remote code execution instruction is a critical security risk, classifying it as suspicious rather than benign or malicious (as there's no evidence of intentional self-exploitation or exfiltration within this bundle).
- External report
- View on VirusTotal