Back to skill
Skillv1.0.0
VirusTotal security
Shopify Checkout API · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:41 AM
- Hash
- aa9e345ef01b07ca7fe66697524294440843303d6ff155f34cca4b69b4d4e913
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: shopify-checkout Version: 1.0.0 The skill is classified as suspicious due to its inherent high-risk capabilities, specifically the collection and transmission of sensitive Personally Identifiable Information (PII) and the initiation of cryptocurrency financial transactions (x402 payments) via an external API (checkout-agent.credpay.xyz). While these actions align with the stated purpose of an online checkout skill, the direct handling of user funds and personal data, coupled with reliance on an external third-party service, represents a significant risk profile. There is no evidence of intentional malicious prompt injection or other harmful behaviors within SKILL.md, but the nature of the operations warrants a 'suspicious' classification rather than 'benign' due to the potential impact of compromise or misuse.
- External report
- View on VirusTotal