Back to skill
Skillv1.0.1
VirusTotal security
Garden Temp Market (GTM) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:45 AM
- Hash
- ba08804a1726543a15e30af4e65f2dc375bfdde8135f8e74fcee9780a6599f5b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: prediction-market Version: 1.0.1 The skill bundle is classified as suspicious due to the presence of shell commands in `SKILL.md` that directly handle sensitive data (private keys) via the `--private-key $KEY` argument for `cast send`. While this is a common pattern for CLI tools and is plausibly needed for blockchain interaction, it represents a significant vulnerability surface if the AI agent's execution environment or prompt handling is not robust against shell injection or insecure credential management. Additionally, the `lib/forge-std/foundry.toml` file contains broad filesystem write permissions (`fs_permissions = [{ access = "read-write", path = "./" }]`) which, although intended for development/testing, could be exploited if the agent were to execute arbitrary `forge` commands. There is no clear evidence of intentional malicious behavior, but these risky capabilities warrant a 'suspicious' classification.
- External report
- View on VirusTotal