Back to skill
Skillv0.2.0
VirusTotal security
Xflows Bridge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:33 AM
- Hash
- ebda22ffa64d99f881ae51741ae0bb417937fba6c96ea078aabe73c96fcf3c30
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xflows-bridge-skills Version: 0.2.0 The skill provides an AI agent with high-risk capabilities, including the ability to display cryptocurrency private keys (xflows wallet show) and execute financial transactions (xflows send, xflows transfer). While these functions are aligned with the stated purpose of managing the Wanchain XFlows bridge, they create a significant attack surface where prompt injection could lead to the exfiltration of private keys or unauthorized movement of funds. The skill relies on the external 'xflows' CLI, and its core workflow involves handling sensitive wallet data directly within the agent's execution environment (SKILL.md, references/commands.md).
- External report
- View on VirusTotal