Back to skill
Skillv1.0.7
VirusTotal security
Kash - Agentic Payment Provider · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:34 AM
- Hash
- 033e280e2dc256abb1c25cd1ad6729063eb5b82ac87b53efbbbdcd8e1ccfa89a
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: kash Version: 1.0.7 The skill is designed to manage payments and includes robust security measures. The `tools.ts` file implements a strict allowlist for `KASH_API_URL` (`api.kash.dev`, `localhost`, `127.0.0.1`) to prevent `KASH_KEY` exfiltration to untrusted servers. Both `SKILL.md` and `tools.ts` contain explicit instructions and code logic to enforce spending limits and user confirmation for transactions above a threshold, and to prevent the agent from revealing `KASH_KEY`. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection designed for harmful actions.
- External report
- View on VirusTotal