Back to skill
Skillv1.0.1
VirusTotal security
Artwar · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:59 AM
- Hash
- 7095b35f87f4d11b5c3c01db48028d6d4799f8418a39f4880f6824ad0f6e522e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: artwar Version: 1.0.1 The skill is classified as suspicious due to its enablement of high-risk capabilities, specifically direct interaction with a blockchain for financial transactions (betting) and file system access for uploading images. The `SKILL.md` instructs the agent to use `node` with `ethers.js` to interact with a smart contract on the Monad Testnet, implying the agent will handle cryptocurrency and potentially private keys. Additionally, it performs file uploads via `curl -F "image=@artwork.png"` and communicates with a hardcoded external IP address (`http://54.162.153.8:3000`). While these actions align with the stated purpose of participating in an 'ArtWar' game, they represent significant attack surfaces and capabilities that, if misused or exploited through prompt injection, could lead to unauthorized financial transactions or data exfiltration, even though the current instructions in `SKILL.md` do not explicitly command malicious behavior.
- External report
- View on VirusTotal