Back to skill
Skillv2.0.0
VirusTotal security
pocket-money · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:24 AM
- Hash
- 8379892237c3a20cd62ef2d3fdf79759dc59f0f1435135d050d49d4cf83a98f4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pocket-money Version: 2.0.0 The skill stores unencrypted private keys for crypto wallets on disk at `.auteng/wallets/<name>.json`, which is a significant vulnerability as it exposes funds if the host machine is compromised. While the `SKILL.md` transparently discloses this risk and provides mitigations (e.g., restricted file permissions, advice to use small amounts, and explicit instructions for the AI agent to seek human approval before any spending), the inherent risk of unencrypted key storage makes it suspicious. There is no evidence of intentional malicious behavior like data exfiltration or unauthorized remote control.
- External report
- View on VirusTotal