Back to skill
Skillv3.6.3
VirusTotal security
mintyouragent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:37 AM
- Hash
- 3ddd28a1b197467a1d27514fb50ac001442a1dfadf2b69bf3d3a465ea61fb36f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mintyouragent Version: 3.6.3 The skill is classified as suspicious due to several risky capabilities, primarily the ability to override API and RPC endpoints via environment variables (`SOUL_API_URL`, `HELIUS_RPC`, `SOLANA_RPC_URL`) and to disable SSL verification (`SOUL_SSL_VERIFY=false`) as seen in `mya.py` and `SKILL.md`. While the code demonstrates strong security practices like local key signing, input sanitization, path safety validation, and explicit removal of `subprocess` and `ctypes` modules, these configurable network options introduce a vulnerability. If an attacker can compromise the agent's environment variables, they could redirect network traffic to malicious servers, potentially leading to transaction manipulation or data exfiltration, even though the skill itself does not exhibit direct malicious intent or exfiltrate sensitive data by default.
- External report
- View on VirusTotal