Back to skill
Skillv1.0.1
VirusTotal security
PayAll CLI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 27, 2026, 1:36 AM
- Hash
- df540dbf3719ab6ad406736cdcaf7b80417345cb7b626084abd1047ae729b56d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: payall-cli Version: 1.0.1 The skill bundle manages high-risk financial operations, including EVM private keys and full credit card data (number/CVV) via the 'payall-cli' tool. It explicitly instructs the AI agent to handle raw private keys using the '--key' flag for non-interactive authentication and provides workflows for automated USDT transfers across multiple chains. While these capabilities align with the stated purpose of a crypto management tool, the handling of sensitive credentials by an agent and the reliance on an external global NPM package present a significant security risk. Additionally, SKILL.md contains contradictory instructions regarding the availability and application process for specific cards (IDs 23 and 39), which could be used to manipulate user behavior.
- External report
- View on VirusTotal