Back to skill
Skillv1.0.3
VirusTotal security
Gate DEX Wallet · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:07 AM
- Hash
- d6a22261307f0c47ef5bd77efd482d60e530504b52f50bcfdb99565b7ef0a24e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gate-dex-wallet Version: 1.0.3 The gate-dex-wallet skill bundle provides comprehensive Web3 wallet functionality, including authentication, asset transfers, and DApp interactions. It exhibits several high-risk behaviors: the installation scripts (`install.sh`, `install_cli.sh`) perform global system modifications via `npm install -g`, prompt for sensitive OpenAPI credentials, and modify AI platform configuration files. Most notably, the instructions in `SKILL.md` and `references/tx-checkin.md` mandate that the AI agent execute prebuilt, opaque binaries (`tx-checkin`) from the `tools/tx-checkin/bin/` directory before any signing operation. While these actions are consistent with the stated purpose of a custodial wallet integration for the Gate.io ecosystem, the requirement to run local binaries and the handling of OAuth tokens represent a significant security risk and a broad attack surface, warranting a suspicious classification.
- External report
- View on VirusTotal