Back to skill
Skillv1.1.0
VirusTotal security
ClawdVine · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:25 AM
- Hash
- b8ea19458cfee02be068e52ce626ce2cd2ba2bf57ad6fc70f74cbe25b4792e7e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 8 The skill bundle is classified as suspicious due to its direct handling and use of the `EVM_PRIVATE_KEY` environment variable within multiple scripts (`check-balance.mjs`, `sign-siwe.mjs`, `x402-generate.mjs`). While the documentation (`SKILL.md`) and code indicate that the private key is used for legitimate cryptographic operations (SIWE authentication, x402 payments for video generation, token balance checks) and explicitly instruct the AI agent to seek user confirmation for all paid and on-chain actions, the direct exposure and programmatic use of a private key, even for intended purposes, represents a significant security risk. There is no clear evidence of intentional malicious behavior such as exfiltration of the private key or unauthorized transactions beyond the stated purpose, but the high-risk capability warrants a 'suspicious' classification.
- External report
- View on VirusTotal