Skill v1.0.5

VirusTotal security

SkillzMarket · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review
May 1, 2026, 3:12 AM
Hash
e3891f86d14776d3b6214486984251f1add02bf5994de06bc4c9b6f1fe17fd9c
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: skillzmarket
Version: 1.0.5

The skill is classified as suspicious due to its handling of a sensitive EVM private key (`SKILLZ_PRIVATE_KEY`) and the `direct` command in `skillz-cli.ts`. This command allows the agent to make cryptocurrency payments to any user-specified URL, which, while part of the stated purpose, presents a significant risk of unauthorized fund transfers if the agent is maliciously prompted. Although the `SKILL.md` and `README.md` clearly document this functionality and include security warnings, the inherent capability to direct payments to arbitrary endpoints makes it a high-risk feature without clear malicious intent from the skill developer itself.