Back to skill
Skillv0.0.1
VirusTotal security
XMTP Agents · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:15 AM
- Hash
- fb85079f2870e64b57f1af34fb2baf284ff510b85b7c2763f526a17cfc7087f4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xmtp-agents Version: 0.0.1 The skill facilitates connecting the agent to the XMTP decentralized messaging network, creating a persistent bridge that routes remote messages directly to the agent's execution environment (e.g., OpenClaw or Claude Code). While the SKILL.md includes a basic authorization check (OWNER_INBOX_ID) and a restrictive prompt for public users, the architecture inherently exposes the agent to remote prompt injection and unauthorized tool usage. The instructions also require the agent to handle sensitive cryptographic keys stored in `~/.xmtp/.env` and encourage setting up a full persistent listener even for simple one-off messaging requests, significantly increasing the host's attack surface.
- External report
- View on VirusTotal