Back to skill
Skillv1.0.0
VirusTotal security
Cortex Protocol · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:27 AM
- Hash
- 69f5b5ccb78b41510b59c12dbfed4747d7ce063413063cf676b729a748819317
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cortex-protocol Version: 1.0.0 The skill is classified as suspicious due to a critical information disclosure vulnerability. Both `SKILL.md` and `register.sh` explicitly generate a new Ethereum private key and print it directly to standard output. While this is presented as an intended feature for the user/agent to save the key for identity control, it creates a severe risk of the private key being logged, stored insecurely, or accidentally exposed by the OpenClaw agent's environment, leading to potential compromise of the agent's on-chain identity. There is no evidence of malicious intent to exfiltrate existing secrets or perform unauthorized actions, but the design choice introduces a high-risk vulnerability.
- External report
- View on VirusTotal