Skill v1.2.1
VirusTotal security
Checkout.com - Integrate with Agentic Payments & Wallets · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 6:02 AM
- Hash: f133c67cc0e666afc9143aab5ef3ddff0ed525aab59084e9a12ab09c2651db3c
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: checkout; Version: 1.2.1. The skill bundle provides financial management capabilities, including a high-risk 'My Card' feature (Rail 5) that requires the agent to decrypt and process raw credit card details (PAN, CVV) in memory. While the documentation (encrypted-card.md) emphasizes security and ephemeral handling, this design creates a significant attack surface where a prompt injection could lead to the exfiltration of decrypted financial data. Furthermore, the instructions in SKILL.md direct the agent to fetch additional logic from remote URLs rather than local files, introducing a risk of remote instruction injection. The presence of future-dated timestamps (2026) and complex 'spawn_payload' logic for sub-agents also contributes to the suspicious classification.
