Back to skill
Skillv0.3.0
VirusTotal security
RustChain MCP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:32 AM
- Hash
- 5f442ee7ddd57f89d365c39cfbfe8f1dcde49b9344503c49ef924864d34be134
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: rustchain-mcp Version: 0.3.0 The skill bundle provides tools for interacting with the RustChain blockchain and BoTTube video platform, but it contains significant security vulnerabilities. Specifically, rustchain_mcp/server.py, rustchain_langchain/tools.py, and evangelist_agent.py all disable SSL certificate verification (verify=False) for HTTP requests to external endpoints, including a hardcoded IP address (50.28.86.131), which facilitates Man-in-the-Middle (MitM) attacks. Additionally, evangelist_agent.py is designed to autonomously discover and 'ping' other agents on the Beacon network to promote the service, which constitutes automated spamming behavior.
- External report
- View on VirusTotal