Back to skill
Skillv1.0.0
VirusTotal security
Virtuals · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:34 AM
- Hash
- 22cf321d0db347b6f35b137281d6897a85787bee4fad79e7b873369983d42c84
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: virtuals Version: 1.0.0 The skill is classified as suspicious primarily due to its capability to store a user-provided private key on disk in `~/.openclaw/virtuals/config.json` via the `virtuals config --private-key <key>` command (documented in SKILL.md and implemented in src/cli.ts). While the code attempts to secure this file with `chmodSync(CONFIG_FILE, 0o600)` and the SKILL.md explicitly warns 'TESTNET ONLY for now - Don't use mainnet funds', storing private keys on disk is an inherently high-risk practice. The current implementation of the `create` command in `src/cli.ts` does not yet use the private key for on-chain transactions, directing users to a website instead, which prevents an immediate 'malicious' classification, but the risky capability remains.
- External report
- View on VirusTotal