Skill v1.19.0
VirusTotal security
OpenClawCash · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:27 AM
- Hash: baf313495f76b4f8641bc1ec0e9d7cedbc390dad57fe2b6e4f9feb79d33979ad
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: open-claw-cash. Version: 1.19.0. The skill provides a comprehensive crypto wallet management API for AI agents, but contains high-risk instructions in SKILL.md that encourage the agent to bypass per-transaction user confirmation. Specifically, it suggests an 'operate_on_my_behalf' mode where, after a single initial approval, the agent executes financial 'write' actions (transfers, swaps, Polymarket orders) autonomously using the '--yes' flag. Additionally, the scripts/agentwalletapi.sh tool facilitates the transmission of raw private keys to the backend (https://openclawcash.com) during wallet imports. While these features align with the stated purpose of a managed wallet service, they significantly expand the attack surface for prompt injection and unauthorized financial transactions.
