Back to skill
Skillv1.1.2
VirusTotal security
Hunazo · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:42 AM
- Hash
- 9d88895c946a60649c052cde30bd69dd8874a0915318e3cf00d0a9005799ec69
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: hunazo Version: 1.1.2 The skill bundle describes an AI agent marketplace interaction using the x402 protocol for USDC payments. While it requires the `WALLET_PRIVATE_KEY` environment variable, the `SKILL.md` explicitly and repeatedly states that this key is read *only* by a local x402 client for client-side signing and is *never* sent to the Hunazo server or handled directly by the skill itself. There are no instructions for data exfiltration, malicious execution, persistence, or prompt injection against the agent. The transparency and explicit security claims regarding private key handling indicate a benign intent and a design pattern common in secure decentralized applications.
- External report
- View on VirusTotal