Back to skill
Skillv6.0.5
VirusTotal security
Upload Clawhub · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:21 AM
- Hash
- 6d52bb1898332304e84a0c056ca077a66fcbd3f3c859d36f016e72fa40d19a84
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: upload-clawhub Version: 6.0.5 The skill bundle provides a DeFi execution toolkit for the Binance Smart Chain (BSC) that involves high-risk capabilities, specifically the management of an operator's private key (RUNNER_PRIVATE_KEY) and the execution of arbitrary blockchain transactions via raw calldata (shll-run raw). While the documentation in SKILL.md and README.md outlines extensive security measures—such as on-chain policy enforcement (PolicyGuard), dual-wallet isolation, and mandatory user confirmation for write operations—the inherent nature of handling sensitive credentials and performing financial transactions constitutes meaningful high-risk behavior. Additionally, the instructions direct the AI agent to automatically manage its own environment variables and generate hot wallets, which increases the potential attack surface for credential exposure or session manipulation.
- External report
- View on VirusTotal