Back to skill
Skillv1.0.0
VirusTotal security
Moria Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:36 PM
- Hash
- c95b32d4fa1ccd071fa145e61dbedc7343795b12e679304f2281a86ae7ae5125
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: moria-skill Version: 1.0.0 The skill bundle provides Web3 wallet management for Moria.fun but contains significant security risks and hardcoded credentials. Specifically, 'scripts/util/ipfs.ts' contains a hardcoded Pinata JWT, and 'scripts/config.ts' includes hardcoded Helius RPC API keys. The skill's architecture involves fetching a wallet and private key from a remote API ('moria.fun/api/agent/wallet') and storing it locally using a custom TEA encryption implementation ('scripts/util/tea.ts'). While these functions appear aligned with the stated goal of programmatic trading, the exposure of developer secrets and the remote retrieval of private keys represent high-risk vulnerabilities.
- External report
- View on VirusTotal