Back to skill
Skillv0.3.0
VirusTotal security
Agent Outlier · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:41 AM
- Hash
- f430d18c9cd999b9f34d70836fa00c5d6ffb84d847dcb4aadc418c173a432135
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-outlier Version: 0.3.0 The skill requires a 'PRIVATE_KEY' environment variable and installs an external dependency ('agent-outlier-sdk') to automate financial transactions on the Base mainnet. While these actions are consistent with the stated goal of playing an on-chain game, the combination of private key access, automated spending loops (as seen in the 'playForever' example in SKILL.md), and a future-dated 'publishedAt' timestamp (2026) in _meta.json presents a high-risk profile. No explicit evidence of malicious exfiltration was found in the provided text, but the reliance on an unverified external SDK for key handling is a significant security concern.
- External report
- View on VirusTotal