Skillv2.0.1

VirusTotal security

Torch Domain Auction Bot · External malware reputation and Code Insight signals for this exact artifact hash.

BenignApr 30, 2026, 3:55 AM

Hash: 3712846150831789cac3029aba48d0da7141c99f9e44ff0e636c6c34038d3aea
Source: palm
Verdict: benign
Code Insight: Type: OpenClaw Skill Name: torchdomainauctionbot Version: 2.0.1 The OpenClaw AgentSkills bundle for Torch Domain Auction Bot is classified as benign. The skill demonstrates strong security practices, including the use of ephemeral, in-process keypairs by default (or securely loading an optional private key from environment variables without logging or transmitting it). All significant economic actions, such as liquidations and token launches, are routed through a user-controlled Torch Vault, ensuring the agent itself never holds substantial funds. The `SKILL.md` explicitly sets `disable-model-invocation: true`, preventing autonomous execution and mitigating prompt injection risks. External API calls are read-only and for legitimate purposes (e.g., CoinGecko for price data, SAID Protocol for wallet reputation, ExpiredDomains.net for domain discovery), and no sensitive data is transmitted to these endpoints. Dependencies are minimal, pinned to exact versions, and the SDK source is bundled for full auditability, with no evidence of malicious execution or persistence mechanisms.
External report: View on VirusTotal