Back to skill
Skillv1.0.0
VirusTotal security
XT Exchange · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:44 AM
- Hash
- 5025f0728700ae961e6e5b9e8f8dc7f4b9db1ac81331b18e9c02328d7952e370
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: xt-exchange Version: 1.0.0 The OpenClaw AgentSkills bundle provides legitimate CLI tools for interacting with the XT.COM cryptocurrency exchange's spot and futures APIs. The `SKILL.md` documentation includes robust safety instructions for the AI agent, explicitly requiring user confirmation before executing sensitive operations such as placing orders, transfers, or withdrawals. The Python scripts (`xt_spot.py`, `xt_futures.py`) handle API keys by prioritizing environment variables (`XT_ACCESS_KEY`, `XT_SECRET_KEY`) and falling back to a documented local file (`~/.xt-exchange/credentials.json`). All network communications are directed to legitimate XT.COM API endpoints (`https://sapi.xt.com`, `https://fapi.xt.com`). There is no evidence of intentional malicious behavior, unauthorized data exfiltration, persistence mechanisms, or obfuscation. The design choices, including explicit safety prompts for the agent, align with a benign and responsible implementation of a financial trading skill.
- External report
- View on VirusTotal