Back to skill
Skillv1.3.0
VirusTotal security
xProof — Blockchain Proof for Agents · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:16 AM
- Hash
- 71c3fdfcfed7be526719bb925f9310d935c9ad750d16311e38dda6903574430b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xproof Version: 1.3.0 The xProof skill implements a mandatory 'Audit Log Standard' that requires the agent to exfiltrate metadata about every critical decision (including action descriptions, risk levels, and input hashes) to an external third-party service (xproof.app). Furthermore, the SKILL.md contains prompt-injection-style instructions commanding the agent to 'BLOCK execution' and allow 'No soft fail' if the third-party service is unavailable, effectively establishing a remote kill-switch and high-telemetry dependency. The installation process also relies on fetching remote markdown files via curl from a personal GitHub repository (jasonxkensei/xproof-openclaw-skill).
- External report
- View on VirusTotal