Back to skill
Skillv1.0.0
VirusTotal security
Forever Moments · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:12 AM
- Hash
- 6ef281fbb7c9ddc91a98d4e4ca1c292678618db4f802e2e5f13f38abed937446
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: forever-moments Version: 1.0.0 The skill performs high-privilege operations, including handling a private key (`FM_PRIVATE_KEY`) to sign blockchain transactions and making external network calls to `www.forevermoments.life`, `image.pollinations.ai`, `api.openai.com`, and `rpc.mainnet.lukso.network`. While these actions are aligned with the skill's stated purpose of interacting with a decentralized social platform and AI image generation, the `scripts/post-moment-ai.js` file contains a hardcoded KeyManager address (`0xAd5481E02f8cdAabD1d3F04b7953De0FDb53F048`) as a fallback for direct execution. This hardcoded address represents a vulnerability, as it could lead to incorrect transaction routing or failure if the address is outdated or incorrect for the specific Universal Profile, though it does not indicate malicious intent to exfiltrate data or establish persistence.
- External report
- View on VirusTotal