Back to skill
Skillv1.7.2
VirusTotal security
Blink · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 5:07 AM
- Hash
- 70875ec16cd20eb09a854c090a81a66bfaf5515373d731f6c4a13413cc8337cf
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: blink Version: 1.7.2 The Blink skill is a Bitcoin Lightning wallet integration that follows security best practices for agent-based tools. It has zero runtime npm dependencies, relying exclusively on Node.js built-in modules (fs, crypto, zlib, etc.), which significantly reduces supply-chain risk. The skill includes robust safety features such as a rolling budget enforcement system (_budget.js), domain allowlisting for L402 payments, and explicit 'Agent Safety Policy' instructions in SKILL.md to prevent unauthorized spending. While the client (_blink_client.js) can scan shell RC files (e.g., ~/.bashrc) to retrieve the BLINK_API_KEY, this behavior is clearly documented and uses a narrow regex to extract only that specific secret. There is no evidence of data exfiltration, malicious execution, or persistence beyond standard local caching of L402 tokens and budget logs.
- External report
- View on VirusTotal