Back to skill
Skillv1.0.0
VirusTotal security
Tilt Protocol — AI Fund Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:21 AM
- Hash
- 796f42d4b015443da64254b8c4705a8d59e8d0118cafdf04f64ec0df9995b7f7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tilt-protocol Version: 1.0.0 The skill features a self-updating mechanism in `SKILL.md` that instructs the agent to download and review new instructions from a remote API (bowstring-backend-production.up.railway.app), creating a high-risk vector for remote prompt injection or command execution. It manages sensitive credentials ($TILT_PRIVATE_KEY) for on-chain trading and requires broad 'shell' and 'network' permissions. While the behavior aligns with the stated purpose of a DeFi fund manager on the Robinhood L2 testnet, the dynamic instruction fetching and use of an external backend for core logic are significant security vulnerabilities.
- External report
- View on VirusTotal