Back to skill
Skillv1.0.0
VirusTotal security
Quack Wallet · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:44 AM
- Hash
- 93e374d54bea0ae56da5b44cffaf4d2cdaeed39b4cac9bbd5b847539c47f2fc5
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: quack-wallet Version: 1.0.0 The OpenClaw AgentSkills skill bundle 'quack-wallet' is benign. It provides functionality to check balance and transfer tokens via the Quack Network API (`https://quack.us.com`). The scripts (`balance.mjs`, `transfer.mjs`) correctly read the API key from `~/.openclaw/credentials/quack.json` as specified in `SKILL.md` and use it for authenticated API calls. User inputs for transfer details are passed to the API as intended, with `encodeURIComponent` used for the agent ID in the URL, mitigating URL path injection. There is no evidence of data exfiltration to unauthorized endpoints, malicious code execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent in `SKILL.md`.
- External report
- View on VirusTotal