Back to skill
Skillv2.0.2
VirusTotal security
AISP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:50 AM
- Hash
- 96dad5b8f6cae8521247cf4cea4cc9fc9a65af4191a3c62e118a60065946b43a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aisp Version: 2.0.2 The skill is classified as suspicious due to its inherent high-risk capabilities, which include direct interaction with cryptocurrency (USDC escrow) via a wallet signer and handling sensitive API keys through an external backend API (defined by `BACKEND_URL`). While the `SKILL.md` transparently declares these operations and even includes security recommendations (e.g., user confirmation for fund transfers, scoped API keys), the nature of these actions (financial transactions, credential management, external network calls) presents a significant attack surface and potential for abuse if the backend or smart contract were compromised. There is no evidence of intentional malicious behavior, data exfiltration, or prompt injection for harmful purposes within the provided files; rather, the risk stems from the powerful, legitimate capabilities the skill is designed to perform.
- External report
- View on VirusTotal