Skill v1.0.0

VirusTotal security

Kamino Positions Monitor · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 4:23 AM
Hash
c735d230ea6997cbb6628bff1c959557ca8ec305daa3ea1a7e882ca046bde692
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: kamino-positions-monitor
Version: 1.0.0

The skill is classified as suspicious primarily due to its reliance on an external GitHub repository (`https://github.com/csacanam/kamino-positions-monitor`) for its core logic, as instructed by `SKILL.md` via `git clone` and `npm install`. This introduces a significant supply chain risk, as the integrity of the external repository and its dependencies cannot be verified from the provided skill bundle.

Additionally, the skill is designed to read potentially sensitive API keys (`SOLANA_RPC_URL`, `TELEGRAM_BOT_TOKEN`, `TELEGRAM_CHAT_ID`) from an `.env` file, which, while stated for legitimate purposes (Solana RPC connection, optional Telegram reports), are handled by the external, unverified script, posing a risk if that script were compromised or malicious.