Skill v0.1.0

VirusTotal security

Agentic Commerce Relay · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review: May 1, 2026, 3:38 AM
Hash: b08bc7ab8cc505e0bedde82be5f61dc1027ba1806b30d539d7b7785c6e7e0404
Source: palm
Verdict: suspicious

Code Insight

Type: OpenClaw Skill
Name: agentic-commerce-relay
Version: 0.1.0

The skill is classified as suspicious primarily due to its requirement for the `PRIVATE_KEY` to be passed directly as an environment variable for executing the `cctp-bridge.js` script, as detailed in `SKILL.md`. This is a high-risk operation involving sensitive credentials, even if for the stated purpose of cross-chain token transfers. Additionally, the skill instructs the agent to make network calls to an external domain, `https://www.moltbook.com`, for 'Moltbook discovery,' which introduces an external dependency and a vector for potential data exfiltration, though it is presented as part of the skill's functionality. While there is no clear evidence of intentional malicious behavior like exfiltration to an unauthorized endpoint or prompt injection for harmful objectives, these capabilities present significant security risks.