Back to skill
Skillv0.1.5
VirusTotal security
Reva · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:07 AM
- Hash
- daa46bbde04e59999c78c042deec9d563b6caaabb619178b72200f9a4b485678
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: reva Version: 0.1.5 The OpenClaw AgentSkills bundle for Reva wallet management appears benign. The `SKILL.md` documentation clearly outlines the skill's purpose, authentication flow, and security measures, emphasizing explicit user control for all sensitive operations, especially fund transfers. Critically, the shell scripts consistently use `jq` for constructing JSON payloads from user-provided arguments, effectively preventing shell injection vulnerabilities. All network communication is directed to the legitimate `https://api.revapay.ai` endpoint via HTTPS, and sensitive files like `auth.json` are stored with restrictive permissions (`chmod 600`). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent's intended behavior.
- External report
- View on VirusTotal