Skill v1.1.0

VirusTotal security

Funding Program Manager · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Mar 24, 2026, 5:56 PM

Hash: 8ba91d414b11326803358106fb644b5ea9e0b5e9808c07b583abe6a73971da3b
Source: palm
Verdict: suspicious

Code Insight

Type: OpenClaw Skill
Name: karma-funding-program-manager
Version: 1.1.0

The skill provides comprehensive management for funding programs on the Karma protocol via the gapapi.karmahq.xyz API. It is classified as suspicious due to its inclusion of logic that modifies system shell configuration files (.zshrc and .bashrc) to persist the KARMA_API_KEY environment variable. While this behavior is documented as part of the setup flow for standalone users, the ability to modify shell profiles is a high-risk persistence mechanism.

The skill also handles high-privilege financial operations, including payout disbursements and Ethereum Safe transactions, which are aligned with its stated purpose but require significant permissions. No evidence of intentional malice or data exfiltration was found.