Back to skill
Skillv1.0.2
VirusTotal security
Agentcast · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:10 AM
- Hash
- 628c1c63d760453ab38af27bbaf1627ed6a4205fb16486feb9745c4ee1f1ec0f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentcast Version: 1.0.2 The skill facilitates AI agent registration on Farcaster and the ERC-8004 registry but exhibits high-risk credential handling. Specifically, 'verify-wallet-on-farcaster.mjs' defaults to sending the sensitive Farcaster 'signer_uuid' (which grants control over an account via Neynar) to a third-party proxy endpoint (ac.800.works) to bypass API costs. While the SKILL.md includes security warnings against displaying keys in logs, the overall architecture encourages users to share powerful credentials with the author's infrastructure, posing a significant security risk.
- External report
- View on VirusTotal