Back to skill
Skillv1.0.1
VirusTotal security
LYGO-MINT Verifier · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:32 AM
- Hash
- f72c24e6b2db074267de94715aa90e686458e24f86c5e8d88ea71709d4957fd8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lygo-mint-verifier Version: 1.0.1 The skill is suspicious because its core functionality relies on and executes external Python scripts (`tools/lygo_mint/mint_pack.py` and `tools/lygo_mint/canonicalize_ledger.py`) that are not included in this bundle. The `SKILL.md` explicitly warns users to review these missing files in their own workspace before using them on sensitive data, indicating a critical security blind spot. While the provided scripts (`scripts/*.py`) do not exhibit direct malicious behavior (e.g., exfiltration, persistence) and use `subprocess.run` safely, the unprovided dependencies represent an unknown and unvetted attack surface, making a full security assessment impossible.
- External report
- View on VirusTotal