Back to skill
Skillv1.0.0
VirusTotal security
sugerclawdy skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:28 AM
- Hash
- 638cff27b50ac69dcef1f44326739b6e92b6387ef27bbdc0f8888b767c70637f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: sugerclawdy Version: 1.0.0 This skill is classified as suspicious due to its generation and instruction to 'save locally' highly sensitive Ethereum wallet credentials, including the private key and mnemonic, as detailed in SKILL.md. While there is no explicit instruction to exfiltrate these credentials, the handling and local storage of such sensitive data by an AI agent introduces a significant security risk, as the security of this local storage is undefined. Additionally, the skill utilizes `npx` to execute an external package (`eth-wallet-generate`), which introduces a supply chain risk.
- External report
- View on VirusTotal