Back to skill
Skillv1.0.0
VirusTotal security
ClawDex Trading · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:54 AM
- Hash
- 98457aeb35236bfb8cab1805d14fc11a4d3185b804937547244ca2190ab39109
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawdex-trading Version: 1.0.0 The skill is classified as suspicious due to two primary reasons found in `SKILL.md`. First, it instructs the agent to perform a global `npm install -g clawdex@latest`, which introduces a significant supply chain risk by executing arbitrary code from an external package. Second, it explicitly instructs the agent to configure the `clawdex` tool using highly sensitive credentials, including a Solana wallet private key (`~/.config/solana/id.json`) and a Jupiter API key (`$JUPITER_API_KEY`). While these actions are plausibly needed for the skill's stated purpose of Solana trading, they represent a high-risk capability and a substantial security exposure without clear malicious intent within the skill's instructions themselves.
- External report
- View on VirusTotal