Back to skill
Skillv1.0.0
VirusTotal security
BTCD Skill (NBW) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:26 AM
- Hash
- 4913444232be41e68886294b6bb2e8a6c376ca65b20e52b08da1fd46ef85daf5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: btcd-skill-beta Version: 1.0.0 The skill is designed to perform complex, high-risk financial operations involving user-provided EVM and BTC private keys for blockchain transactions (collateralization, loan repayment). While the core logic appears aligned with its stated purpose and includes explicit safety instructions for the agent in SKILL.md, a critical concern is the comment in `scripts/utils/state-manager.js`: `// Support FLOW_STATE_FILE env var to allow attack scripts to use a separate state file`. This explicitly acknowledges a feature designed to facilitate manipulation of the skill's state management via environment variables, which represents a significant vulnerability if an attacker could inject environment variables into the agent's execution context. This risky capability, even if not directly exploited by the skill itself, makes the bundle suspicious.
- External report
- View on VirusTotal