Back to skill
Skillv0.1.0
VirusTotal security
CLAWLOGIC Trader · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:51 AM
- Hash
- b13181fba536212dc97fdb124d1715a8e28495d57ff6f30db6b31108b4e1f2f3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawlogic Version: 0.1.0 The skill is classified as suspicious due to a vulnerability in `scripts/helpers/post-broadcast.ts`. This script allows the `AGENT_BROADCAST_URL` environment variable to be overridden, enabling the exfiltration of data (including agent address, market ID, trade transaction hash, session ID, and user-provided reasoning) to an arbitrary, attacker-controlled endpoint. While the default URL (`https://clawlogic.vercel.app/api/agent-broadcasts`) is not malicious and the data sent is related to the skill's stated purpose, the capability to redirect this data to any URL constitutes a significant data exfiltration vulnerability, even without explicit malicious intent within the provided skill files.
- External report
- View on VirusTotal