Skillv0.0.2

VirusTotal security

easyclaw · External malware reputation and Code Insight signals for this exact artifact hash.

SuspiciousApr 30, 2026, 4:35 AM

Hash: 04628a060285305cf1233dc901caa6bd460a57975b7a6ffeadb3f69b57c46a33
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: easyclaw Version: 0.0.2 The skill is classified as suspicious due to its inherent high-risk capabilities, including reading and using Solana private keys (`KEYPAIR_PATH` in `scripts/common.js`), signing and sending financial transactions on-chain (`scripts/order-execute.js`), making external API calls to configurable endpoints (`scripts/backend-common.js`), and spawning child processes (`scripts/onboard.js`, `scripts/realtime-agent.js`). While these actions align with the stated purpose of a DEX trading agent, they represent significant attack surfaces. There is no clear evidence of intentional malicious behavior such as unauthorized data exfiltration or backdoor installation within the provided code, nor are there prompt injection attempts against the OpenClaw agent in `SKILL.md` or `agents/openai.yaml`. However, the broad permissions and sensitive operations, particularly the handling of private keys and execution of child processes based on user-controlled inputs, elevate the risk beyond benign, classifying it as suspicious due to the potential for exploitation if inputs or environment variables are compromised.
External report: View on VirusTotal