Back to skill
Skillv1.0.2
VirusTotal security
Bluepages · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:36 AM
- Hash
- a49f1bff65e755a3840692b764fd4c576fd7f3bad2fa9077057e4898aca5051f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bluepages Version: 1.0.2 This skill is suspicious due to its explicit requirement for an Ethereum `PRIVATE_KEY` for certain operations (x402 payments, API key acquisition via wallet signature). While the `SKILL.md` includes a security note warning users, the agent is instructed to handle and potentially use this highly sensitive credential, which poses a significant risk if the agent's environment or the `bluepages-mcp` package (installed from `github:bluepagesdoteth/bluepages-mcp`) is compromised. The installation from a GitHub repository also introduces a supply chain risk, as a compromised repository could lead to the execution of malicious code with access to the private key.
- External report
- View on VirusTotal