Back to skill
Skillv1.0.7
VirusTotal security
Breeze x402 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:14 AM
- Hash
- 2379244535bacfa26ef63b601f1e2eaeb6de775ca630561e564d4fafca997da4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: breeze-x402-payment-api Version: 1.0.7 The skill is designed for Solana financial transactions, requiring `WALLET_PRIVATE_KEY` for signing. While the `SKILL.md` instructions explicitly warn against logging or returning the private key and the code aligns with the stated purpose, the `generate-wallet.js` script (in `SKILL.md`) creates and saves a private key directly to `wallet-backup.json` and `.env` files on disk. This local storage of a private key, even with warnings, presents a significant vulnerability risk if the user's environment is compromised or if the files are not adequately secured, leading to potential unauthorized access to funds. This inherent risk, despite the lack of clear malicious intent, classifies the skill as suspicious.
- External report
- View on VirusTotal