Back to skill
Skillv1.0.0
VirusTotal security
Windfall Inference · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Apr 29, 2026, 4:02 AM
- Hash
- c0b510fc355054ccffb22c12cd570f6b9d053e7069616c7d9ee6aea6f2fc0d6f
- Source
- palm
- Code Insight
- Type: OpenClaw Skill Name: windfall-inference Version: 1.0.0 The OpenClaw AgentSkills skill bundle for "windfall-inference" is classified as **benign**. The skill bundle implements a spatially-routed LLM inference gateway with features such as dynamic model selection, energy-aware routing, semantic caching, and on-chain attestations. The codebase demonstrates strong security practices, including API key hashing, input validation, rate limiting, CORS restrictions, and secure session management. Notably, the `src/services/acp-handler.ts` file explicitly validates incoming requests, rejecting any that are not LLM inference (e.g., blockchain token swaps), which is a critical security control against misuse. The `SKILL.md` and `testing-guide.md` files serve as benign documentation and testing instructions for human users, without any evidence of prompt injection attempts against an AI agent. While the `deploy/setup.sh` script executes a remote script from `deb.nodesource.com` for Node.js installation, this is a common and generally trusted practice for server setup and does not indicate malicious intent.
- External report
- View on VirusTotal