Back to skill
Skillv1.0.0
VirusTotal security
CashApp - Give your Claw Agent Cash · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:47 AM
- Hash
- 31a7e442e0c8070a3a0054859d5ee038fae5bcc5e53ee0ab9ab94ec38389963c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cash Version: 1.0.0 The skill bundle facilitates financial transactions for AI agents using Stripe and encrypted credit cards, which involves several high-risk capabilities. Specifically, skill.md and encrypted-card.md provide instructions for the agent to execute shell commands (e.g., curl and node decrypt.js), manage local file storage for sensitive data (~/.creditclaw/cards/), and spawn ephemeral sub-agents for checkout tasks. While these behaviors are clearly aligned with the stated purpose of a payment gateway and are accompanied by extensive security documentation and server-side guardrails, the inherent risks associated with code execution and the handling of credit card data meet the threshold for a suspicious classification.
- External report
- View on VirusTotal