QXMP Oracle
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: qelt-rwa-oracle Version: 0.1.0 The QXMP Oracle skill is a standard API wrapper designed to fetch real-world asset (RWA) data and proof-of-reserve status from the QXMP Oracle (api.qxmp.ai). It uses curl via Bash to interact with public, read-only endpoints and provides clear instructions for the AI agent to parse and report asset valuations. No evidence of data exfiltration, malicious execution, or prompt injection was found across SKILL.md or the reference files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When used, the agent may send network requests to the documented public oracle services to retrieve asset and proof data.
The skill relies on shell/curl calls to external APIs. This is disclosed and purpose-aligned for fetching oracle data, but users should know the agent will contact QXMP/QELT endpoints when invoked.
curl -fsSL "https://api.qxmp.ai/api/v1/rwa/assets?page=1&limit=100"
Use the skill only when you expect public QXMP/QELT data lookups, and verify that requests stay within the documented API and contract endpoints.
The package metadata may not exactly identify the same owner, slug, or version shown in the registry listing.
The packaged metadata uses a placeholder ownerId and differs from the registry listing shown for this skill, which is a provenance/packaging clarity issue rather than evidence of unsafe code.
"ownerId": "YOUR_CLAWHUB_OWNER_ID", "slug": "qxmp-oracle", "version": "1.0.0"
Before installing, confirm the ClawHub listing, homepage, and package identity match the skill you intend to use.