Back to skill
Skillv0.1.0
VirusTotal security
Agentcash Wallet · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:16 AM
- Hash
- 24f50ce5322120ac2c5f0a85a7a40eeabf19155caad866c6d5d4895e32ff91eb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentcash-wallet Version: 0.1.0 This skill bundle is suspicious because it instructs the agent to install and execute an external, untrusted `npm` package named `agentcash` via `npm install -g agentcash` and `npx agentcash` commands found in `SKILL.md` and `rules/getting-started.md`. While the provided markdown instructions themselves do not contain malicious prompt injection or code, relying on an external `npm` package introduces a significant supply chain risk. The `agentcash` package, whose code is not provided for analysis, could contain arbitrary malicious code that executes during installation or runtime, potentially leading to data exfiltration, system compromise, or other unauthorized actions.
- External report
- View on VirusTotal