Back to skill
Skillv0.9.3
VirusTotal security
Tongateway · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 24, 2026, 5:36 PM
- Hash
- 7d66a031a3aec50f6d7956a4fa14e95cb6279340eb80610438b272187eb89b03
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tongateway Version: 0.9.3 The skill bundle provides tools for TON blockchain interaction, including a high-risk 'autonomous mode' (agent_wallet.transfer) that allows the AI to execute transactions without per-action user approval. While the documentation in SKILL.md and SECURITY.md is transparent about the risks and uses a dedicated contract model to limit exposure, the capability to move funds autonomously and the storage of signing keys in ~/.tongateway/wallets.json are significant high-risk behaviors. The installation also relies on npx execution of the @tongateway/mcp package, which is standard for MCP servers but requires trust in the @tongateway npm scope.
- External report
- View on VirusTotal