Back to skill
Skillv1.0.0
VirusTotal security
Starling Bank · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:08 AM
- Hash
- 70b51b0ed325678b0e061e805427436fcd49abd5a73a2852a29b4721f7c1ee4c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: starling-bank Version: 1.0.0 The skill is classified as suspicious due to its inherent high-risk capabilities, which include making payments, creating payees, managing savings goals (deposits/withdrawals), and locking/unlocking bank cards, as detailed in `SKILL.md` and `references/api-details.md`. While these actions are explicitly aligned with the stated purpose of 'Manage Starling Bank accounts' and lack clear malicious intent (e.g., no data exfiltration, backdoors, or prompt injection for unauthorized actions), the nature of these financial operations constitutes 'meaningful high-risk behaviors' that prevent a 'benign' classification. The skill transparently instructs the agent to install the `starling-bank-mcp` npm package and configure it with a personal access token, which are standard but still involve external dependencies and sensitive credentials.
- External report
- View on VirusTotal