Back to skill
Skillv0.1.1
VirusTotal security
On-Chain Skill Audit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:35 AM
- Hash
- 0266246dac2fc4c5cef29bc0c451cfebb0b1d01ffd1a5fc9415b5d52d6d94b74
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: onchain-skill-audit Version: 0.1.1 The skill is classified as suspicious due to its inherent risky capabilities, even though they are plausibly needed for its stated purpose. The `/register-skill` command in `skill.md` instructs the agent to "Read skill.md at given path", which grants file system access based on user input. While intended for hashing skill content, this capability could be abused by a malicious user to read arbitrary local files. Additionally, the `registerSkill` and `auditSkill` functions, as described in `skill.md`, accept a `codeInTx` parameter, allowing arbitrary data to be inscribed on-chain, which presents a potential data exfiltration vector if sensitive information were passed to it. The skill also relies on an external npm package (`@rocketlabs/skill-audit`), introducing a supply chain risk.
- External report
- View on VirusTotal