Skill v1.0.0

VirusTotal security

cetus · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 3:49 AM

Hash: 279fab67cacc7a89e065e92a4fd07da5bd394c1c47bc573bab8716cfd12dc167
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: cetus
Version: 1.0.0

The skill bundle integrates Cetus Protocol SDKs, with `SKILL.md` providing documentation and `README.md` offering installation instructions (`npx clawhub install cetus`). The `SKILL.md` also includes `npm install @cetusprotocol/...` commands as part of the SDK usage examples. While these commands are aligned with the stated purpose of integrating DeFi SDKs, they introduce a supply chain risk by instructing the agent to fetch and execute code from external npm registries. There is no evidence of direct malicious intent, data exfiltration, or prompt injection against the executing agent (the 'AI tool Disclaimer' in `README.md` is a log of the skill's creation, not an execution instruction). However, the reliance on external package installations, which could be compromised, warrants a 'suspicious' classification due to the inherent supply chain vulnerability.