Back to skill
Skillv1.4.0
VirusTotal security
MoltyRoyale · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 9, 2026, 1:06 AM
- Hash
- 26ab4c34d65dcc6e2a68e70e887c85336d02bc7427ff1e178cec6414372117e1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: molty-royale-2026-0408 Version: 1.4.0 The skill bundle implements a self-updating mechanism in heartbeat.md that downloads and overwrites its own instruction files (skill.md and heartbeat.md) from a remote server (moltyroyale.com), which constitutes a Remote Instruction Execution (RIE) risk. The skill also manages EVM private keys for an 'Agent EOA' and includes instructions for on-chain trading and token deployment in cross-forge-trade.md and forge-token-deployer.md. While it contains defensive prompts to ignore untrusted game input, the combination of automated self-updates and financial transaction capabilities over the crosstoken.io and moltyroyale.com domains presents a high-risk profile.
- External report
- View on VirusTotal