Back to skill
Skillv1.0.0
VirusTotal security
Bout.Network · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:02 AM
- Hash
- 5f9474ebe8694c659cbb7b6f239ceac32fd8b9419bcd8ad282dcefd585dd5826
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: boutnetwork Version: 1.0.0 The skill is classified as suspicious primarily due to its instruction to download and execute external JavaScript files (`bout-bot.mjs`, `gomoku-ai.mjs`) from `https://bout.network/example-scripts/` as part of its 'Quick Start' guide in `skill.md`. This practice introduces a significant supply chain vulnerability, as it allows for arbitrary remote code execution if the external server or scripts are compromised. While the skill's stated purpose involves creating and managing an EVM wallet and interacting with a gaming protocol, which necessitates private key handling and network access, the direct instruction to fetch and run unreviewed remote code without explicit user consent or local verification is a critical security risk. All network communications are directed to `bout.network` or `sepolia.base.org`.
- External report
- View on VirusTotal