Back to skill
Skillv1.0.0
VirusTotal security
Basecred ERC-8004 Registration · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 3:37 AM
- Hash
- 18bc15abf9714a333a898b926844bd3fa42dfd0f02df8269d65b11ff224c67ca
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: basecred-8004-registration Version: 1.0.0 This skill is classified as suspicious due to its inherent high-risk capabilities, despite being aligned with its stated purpose of ERC-8004 agent registration. Key indicators include the explicit instruction in `SKILL.md` to read sensitive environment variables (e.g., `PRIVATE_KEY`) from `.env` files, and the execution of shell commands (`source /path/to/.env`, `node scripts/register.mjs`) which can expose credentials and perform on-chain write operations. The `scripts/register.mjs`, `scripts/feedback.mjs`, and `scripts/update.mjs` files directly interact with blockchain networks, requiring a private key for transactions, and can optionally interact with IPFS services, involving external network calls. While these actions are necessary for the skill's functionality, they represent significant security risks if the skill were to be compromised or misused.
- External report
- View on VirusTotal