Back to skill
Skillv1.0.1
VirusTotal security
Create a coin on trends.fun · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:55 AM
- Hash
- fd061c41d7451ce57f1a7acd5a9582ff3c30ee865a4041e494b0f53d702b321c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: trendsdotfun Version: 1.0.1 The skill is classified as suspicious due to a critical prompt injection vulnerability found in `SKILL.md`. The instructions explicitly tell the AI agent to 'output the keypair and address to the user' if a Solana keypair is not found. If executed literally by an agent, this would lead to the disclosure of the user's Solana private key in the agent's output, posing a severe information security risk. While the code itself (`src/index.ts`, `src/auth.ts`) uses the keypair for legitimate Solana operations and does not show direct malicious exfiltration to an external endpoint, the instruction to output the private key constitutes a critical vulnerability that could be exploited for credential theft via the agent's logging or output mechanisms.
- External report
- View on VirusTotal