Back to skill
Skillv0.1.3
VirusTotal security
AgentSpend · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:14 AM
- Hash
- 96cd2eff839a2c9283b3e9219daf25ebd53b32fdae53d33c05912dee074ab0d7
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: agentspend Version: 0.1.3 The OpenClaw AgentSkills skill bundle 'agentspend' is a CLI tool designed for managing paid API calls through a central service (api.agentspend.co). The `SKILL.md` provides clear instructions for the AI agent, outlining the tool's purpose and usage without any evidence of prompt injection attempts or subversion. The TypeScript code handles API keys and configuration files (`~/.agentspend/credentials.json`) with appropriate file permissions (0o600) and uses `bcryptjs` for hashing API keys during the claiming process. All external network calls are directed to the `agentspend.co` API, which acts as a payment and access gateway, rather than directly to arbitrary user-provided URLs. There is no evidence of data exfiltration, backdoors, arbitrary code execution, or other malicious behaviors. The tool's functionality, including incurring costs and accessing external APIs, aligns with its stated purpose and includes user-configurable spending controls.
- External report
- View on VirusTotal