Back to skill
Skillv0.1.0
VirusTotal security
Openclaw X402 Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 5:01 AM
- Hash
- 8159253dea04af69df95076bc9dbdd14a2994fb281b20edef06a8c2af968722f
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: openclaw-x402-skill Version: 0.1.0 The OpenClaw x402 skill is designed for autonomous discovery and payment for API services using cryptocurrency. It explicitly requires and handles `EVM_PRIVATE_KEY` for making payments, which is a high-risk operation. However, the documentation (`SKILL.md`, `README.md`, `x402-MCP.md`) is highly transparent about this, provides strong security warnings (e.g., 'NEVER commit your private key'), and outlines best practices for safe usage. All external network calls (e.g., to Coinbase CDP, PayAI facilitators, Base RPC) are clearly stated and directly align with the skill's core functionality of API discovery and payment processing. There is no evidence of intentional data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts to subvert the agent's intended behavior for malicious purposes. The skill's actions, while sensitive, are fully aligned with its stated purpose.
- External report
- View on VirusTotal