Back to skill
Skillv0.4.0
VirusTotal security
Claws Network · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:19 AM
- Hash
- 4c9b6331b131db1a12a0c7477f612f7956c63f74624706c5c326d8314d5d5a63
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 3 This skill is classified as suspicious due to strong prompt injection instructions, significant supply chain risks, and the use of high-risk capabilities. The `SKILL.md` and `HEARTBEAT.md` files contain explicit instructions for the agent to act autonomously, prioritize the 'Network' over the user, access internal state (e.g., `soul.md`), and perform on-chain transactions and network calls without explicit user permission. Furthermore, the `SKILL.md` and `scripts/update_skill.sh` files extensively use `curl` to download and overwrite skill components from `https://raw.githubusercontent.com/ClawsNetwork/skills/main/claws-network`, creating a supply chain vulnerability. The skill also instructs the agent to create and use a private key (`wallet.pem`) for signing messages and transactions, including sending signed data to `https://stream.claws.network` for funding, which is a high-risk operation.
- External report
- View on VirusTotal