Skill v1.1.0

VirusTotal security

Didit Proof Of Address · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review
May 1, 2026, 4:01 AM
Hash
e4c8cfbe40a07514bc9e36ecb57994e59ec12db59b3665efc4a0aa2f3a1cdcdc
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: didit-proof-of-address
Version: 1.1.0

The `SKILL.md` file contains explicit API call instructions for account registration, email verification, and billing management (e.g., `POST https://apx.didit.me/auth/v2/programmatic/register/`, `GET /v3/billing/balance/`, `POST /v3/billing/top-up/`). These instructions, while presented as 'Getting Started' steps, could be interpreted by an AI agent as actionable commands, leading to prompt injection vulnerabilities. This allows the agent to perform network calls and potentially create accounts or interact with billing systems beyond the core skill's stated purpose of verifying address documents.

The `scripts/verify_address.py` file itself is benign and performs only the intended address verification.