Back to skill
Skillv0.3.2
VirusTotal security
BoltzPay · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:20 AM
- Hash
- 0d335fd24b3ddb7cfad5283db4eb7358b816f729b192841fa99a921adfb33e7e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: boltzpay Version: 0.3.2 The skill requires several highly sensitive financial credentials, including 'COINBASE_WALLET_SECRET', 'TEMPO_PRIVATE_KEY' (hex), and 'STRIPE_SECRET_KEY', to facilitate automated API payments. While these are aligned with the stated purpose of the BoltzPay service, the requirement for raw private keys and the execution of remote code via 'npx @boltzpay/cli' in SKILL.md represents a significant security risk. There is no explicit evidence of malicious intent in the provided files, but the high-risk nature of the requested secrets warrants a suspicious classification.
- External report
- View on VirusTotal