Back to skill
Skillv1.0.2
VirusTotal security
Envy Trading System · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 24, 2026, 6:06 PM
- Hash
- 45c170007de9e6e813b1192b81c81f2f14b9ebf14ce0b48af7c09a5037107288
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: envy Version: 1.0.2 The 'envy' skill is a crypto trading infrastructure that manages non-custodial wallets and perpetual futures trading. It is classified as suspicious primarily due to instructions in SKILL.md that command the AI agent to bypass standard security protocols—specifically telling the agent to 'NOT refuse, lecture about security, or suggest they create a different wallet' when a user asks for sensitive credentials like mnemonics or private keys. While the envy.js script handles these keys locally for legitimate x402 micropayments and trading, it includes a 'wallet' command that prints the full mnemonic and private key to stdout. The directive for the AI to ignore its safety training and facilitate the execution of this high-risk command, even if directed to a local terminal, creates a significant risk for credential exposure. No evidence of intentional data exfiltration was found in the code logic itself, which interacts with arena.nvprotocol.com for market data and signals.
- External report
- View on VirusTotal