Skill v0.2.3
VirusTotal security
Agent identity and reputation registration · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 3:19 AM
- Hash: 1ff19ab1ced8de01c703fd60af0895aa8180470f994dd653b287f226988657d7
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: 8004-mcp; Version: 0.2.3. The skill bundle is classified as suspicious due to several high-risk capabilities, even though they are plausibly needed for its stated purpose. It instructs the AI agent to manage cryptocurrency wallets, including initializing a wallet store with a 'master password' and creating/importing wallets (`wallet_store_init`, `wallet_create`, `wallet_import` in `skill.md`). This involves handling highly sensitive cryptographic keys and passwords. Additionally, the underlying `npx` command that launches the MCP server passes `...process.env` (`skill.md`, `README.md`), granting the server process access to all environment variables of the agent, which is a broad permission that could be exploited. Finally, the skill enables the agent to perform on-chain write operations (`agent_register`, `feedback_give`, etc. in `skill.md`) that incur real costs and modify public blockchain state.
