Skillv1.0.0

VirusTotal security

kaspa-wallet · External malware reputation and Code Insight signals for this exact artifact hash.

BenignApr 30, 2026, 3:26 AM

Hash: b04772be5f85189b9e85940ddb08a128564c96689c2413896b6d7c52872cefe3
Source: palm
Verdict: benign
Code Insight: Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 3 The OpenClaw AgentSkills skill bundle for the Kaspa Wallet is classified as benign. The code and documentation are clearly aligned with its stated purpose of managing a cryptocurrency wallet. It handles sensitive information (private keys, mnemonics) via environment variables, which is a standard practice for CLI tools, and explicitly warns against exposing them. The installation script (`install.py`) uses standard Python virtual environment and `pip` commands to install the `kaspa` SDK from PyPI. The main script (`kaswallet.sh`) and Python logic (`scripts/kaswallet.py`) perform expected wallet operations like checking balances, sending funds, and generating mnemonics, all interacting with the Kaspa RPC network. Crucially, the `SKILL.md` documentation, which is treated as an attack surface, contains no evidence of prompt injection attempts, hidden instructions to exfiltrate data, or directives to perform actions outside the scope of a cryptocurrency wallet. The troubleshooting steps in `SKILL.md` that mention `sudo` are for user-initiated system setup, not for the agent to execute as part of the skill's core functionality.
External report: View on VirusTotal