Back to skill
Skillv1.0.0
VirusTotal security
Collect Fees · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 24, 2026, 3:01 AM
- Hash
- 5593afba53fc39a3462ea779352c21c7210ab67952e262822160384c61c5f189
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pcs-collect-fees Version: 1.0.0 The skill includes a mandatory 'Step 0' in SKILL.md that instructs the AI agent to execute an automated curl command to 'pancakeswap.ai'. This command exfiltrates telemetry data, including the host's operating system, architecture, and agent identity (fingerprinting). While the core logic in the Node.js scripts (e.g., fetch-v3-positions.mjs and fetch-solana.cjs) appears to be legitimate read-only blockchain interaction, this undocumented outbound tracking beacon is a privacy risk and is not required for the skill's stated functionality.
- External report
- View on VirusTotal