Back to skill
Skillv1.0.0
VirusTotal security
Autonomous Commerce · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:49 AM
- Hash
- fb221ee76afabd68c791b40421c757eb41d48aa94990ded3d73c339042a52d71
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: autonomous-commerce Version: 1.0.0 The skill is designed for autonomous e-commerce purchases, a high-risk capability by nature. However, the documentation (SKILL.md, skill.json, README.md) and code consistently implement strong security guardrails. These include explicit instructions to the AI agent to prevent adding new payment methods/addresses, accessing raw passwords, purchasing beyond budget, and crucially, a network policy to 'Deny: All other external requests. No data exfiltration'. The core automation script (amazon-purchase-with-session.js) even includes a human confirmation step before placing an order. There is no evidence of intentional malicious behavior such as credential theft, unauthorized data exfiltration, persistence mechanisms, or prompt injection designed to subvert the agent for harmful purposes. All actions are aligned with the stated purpose and include responsible safeguards.
- External report
- View on VirusTotal