Back to skill
Skillv1.0.0
VirusTotal security
openclaw skill for swarms ai · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:39 AM
- Hash
- 2dfd968fe2e27186305bcb1a36f0e8a245b259281188d947691c4e385b2e2e66
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: swarms-ai Version: 1.0.0 The skill is classified as suspicious due to two critical vulnerabilities. First, it explicitly instructs and provides examples for transmitting Solana wallet private keys directly in API requests to `swarms.world` for token launching and payment processing (SKILL.md, references/atp-protocol.md, references/marketplace.md). This is an extremely insecure method for handling sensitive cryptographic keys, making them vulnerable to interception or compromise. Second, the skill exposes file system manipulation tools (`create_file`, `read_file`, `update_file`, `delete_file`) to the AI agent when `max_loops='auto'` is enabled (references/sub-agents.md, references/tools.md). While `run_bash` is explicitly disallowed, these file operations present a significant prompt injection risk, potentially allowing a malicious agent prompt to read, modify, or delete arbitrary files on the host system if the OpenClaw execution environment is not perfectly sandboxed.
- External report
- View on VirusTotal