Back to skill
Skillv2.0.3
VirusTotal security
Torch Prediction Market Kit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:01 AM
- Hash
- 342052a7a950cabb89a66442a0eef8172553c406232d487ea670bcd0aa20474b
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: torchpredictionmarketkit Version: 2.0.3 The OpenClaw AgentSkills skill bundle for the Torch Prediction Market Kit is benign. It demonstrates robust security practices, including the use of a disposable, in-process generated agent keypair (or an optional, low-value `SOLANA_PRIVATE_KEY` explicitly marked sensitive), a vault-first custody model where all funds are routed through a user-controlled vault, and strict input validation for `markets.json` (e.g., `metadataUri` domain allowlist, `initialLiquidityLamports` cap at 10 SOL, `oracle.asset` allowlist). The `SKILL.md` explicitly sets `disable-model-invocation: true`, preventing autonomous execution, and the documentation clearly outlines the bot's capabilities and security model, with no evidence of prompt injection attempts or malicious intent. External network calls are limited to read-only public APIs (CoinGecko, Irys) with no credentials, and dependencies are minimal and pinned.
- External report
- View on VirusTotal