Skillv3.1.0

VirusTotal security

Apechain Reader · External malware reputation and Code Insight signals for this exact artifact hash.

BenignApr 28, 2026, 4:11 AM

Hash: 7777db0c0a532d46f13511bc676b10761c67e7e8cc05de73e484b62325ab57a1
Source: palm
Verdict: benign
Code Insight: Type: OpenClaw Skill Name: apechain-reader Version: 3.1.0 The skill is designed for multi-chain wallet analysis, interacting with public blockchain RPCs, CoinGecko, and optionally Alchemy API for legitimate data retrieval. All network calls are to known, trusted services. Input validation is implemented for addresses and chain names, mitigating shell injection risks. The `package.json` lists no external dependencies, relying solely on Node.js built-ins. Documentation (SKILL.md, README-MARKETPLACE.md) provides clear instructions for using the skill and does not contain any prompt injection attempts to manipulate the agent into malicious actions. The `process.env.ALCHEMY_API_KEY` is used for an optional, documented feature (NFT collection name resolution) and is not exfiltrated. A critical bug related to the zero address causing indefinite hanging was identified and fixed, demonstrating a focus on robustness. While ENS resolution is explicitly disabled in `scripts/lib/rpc.js` due to a perceived dependency issue (despite the `namehash` function being present), this effectively closes a potential, albeit minor, attack vector. There is no evidence of intentional harmful behavior such as data exfiltration, unauthorized execution, or persistence mechanisms.
External report: View on VirusTotal