Back to skill
Skillv1.0.7
VirusTotal security
Block for OpenClaw - Spend anywhere or request payment from anyone. · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:47 AM
- Hash
- 15c0e568fab2f177610d7c83fecdc8097dee094be4c5c6f7d9c5cb6f0f36f147
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: block Version: 1.0.7 The skill bundle facilitates financial transactions for AI agents via the CreditClaw platform. It is classified as suspicious due to high-risk operational patterns, including instructions for the agent to execute shell commands (`curl`) to download and save files to the local filesystem and the use of ephemeral sub-agents (`sessions_spawn`) to handle decrypted credit card data. Specifically, `encrypted-card.md` describes a flow where the agent must extract and execute a decryption script (`node decrypt.js`) from a delivered file to access payment details. While these actions are aligned with the stated purpose of secure payment management, the reliance on dynamic code execution and sub-agent spawning represents a significant attack surface (IOC: creditclaw.com).
- External report
- View on VirusTotal