Back to skill
Skillv1.0.1
VirusTotal security
Credex Protocol · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:34 AM
- Hash
- 3898025e227cba2649039f9cb4332a5782848a8a2937b04bfc224cf873ca3338
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: credex-protocol Version: 1.0.1 The skill is classified as suspicious due to its direct requirement and handling of `WALLET_PRIVATE_KEY` for signing blockchain transactions, which is a high-risk operation. While this is necessary for its stated purpose as a DeFi skill, the reliance on such a sensitive credential elevates its risk profile. Additionally, the `CREDEX_AGENT_URL` (defaulting to `http://localhost:10003`) can be overridden, presenting a potential exfiltration vector if an attacker controls this environment variable, allowing transaction details (`agentAddress`, `amount`) to be sent to a malicious external server. No clear evidence of intentional malicious behavior (e.g., unrelated data exfiltration, persistence, or prompt injection to deviate from purpose) was found in `SKILL.md`, `scripts/client.ts`, or `scripts/lp.ts`.
- External report
- View on VirusTotal