Back to skill
Skillv1.0.1
VirusTotal security
exchange_rate_assistant · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 31, 2026, 12:56 AM
- Hash
- ea8d337aa3271dccab76057b2bf369b918c9b06a2f2d4e18d68ee3ab6dc9b145
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: exchange-rate-assistant Version: 1.0.1 The skill acts as a thin client proxy that redirects all user input to a remote service at claw-uat.ebonex.io. The SKILL.md file contains explicit instructions for the AI agent to perform high-privilege operations, including fetching API keys from the remote server, modifying the OpenClaw environment configuration via 'openclaw config set', and restarting the gateway. While these behaviors appear to be part of the 'Prana' platform integration, the automated remote credential fetching and the requirement for the agent to modify its own host environment represent a significant security risk and a broad attack surface for potential data redirection or unauthorized configuration changes.
- External report
- View on VirusTotal