Back to skill
Skillv1.0.0
VirusTotal security
Abstract Toolkit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:26 AM
- Hash
- 1d585ccf246250957295e10558d0d62de183b3acce94189bc7687da97e082265
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: abstract-toolkit Version: 1.0.0 The skill bundle is classified as suspicious due to its inherent high-risk capabilities, specifically the handling of `WALLET_PRIVATE_KEY` for all write operations and direct interaction with real assets on various blockchains. Scripts like `scripts/create-agw.js`, `scripts/deploy-abstract.js`, `scripts/relay-bridge.js`, `scripts/swap-tokens.js`, and `scripts/transfer.js` require this sensitive credential from environment variables to perform financial transactions (transfers, swaps, bridging) and contract deployments. While these actions are plausibly needed for the stated purpose of interacting with the Abstract blockchain, the direct manipulation of private keys and real funds constitutes a significant security risk, even without clear evidence of malicious intent like exfiltration or unauthorized execution.
- External report
- View on VirusTotal