Back to skill
Skillv1.0.2
VirusTotal security
AI Mine · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:35 AM
- Hash
- fd6d6b2978f5e046668e874c6a3a0bfc01e6e5e67febc71338eb4ae38668c9f6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aimine Version: 1.0.2 The skill is classified as suspicious due to its handling of highly sensitive credentials (PRIVATE_KEY, OPENAI_KEY) and its reliance on `git clone` and `npm install` from a remote GitHub repository (github.com/AIMineRes/PoAIW.git) in SKILL.md. This introduces significant supply chain risk, as the agent downloads and executes arbitrary code from an external source, which could be compromised. While the stated purpose is cryptocurrency mining, the mechanisms used present a high-risk attack surface, even though there are no explicit instructions within SKILL.md for intentional malicious actions like data exfiltration to external endpoints or persistence.
- External report
- View on VirusTotal