Skill v1.0.0

VirusTotal security

Signet · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious
Apr 29, 2026, 3:35 AM
Hash
5863bf2d2d5a805861d4aff21f4522874de1ed2ef93a33e1f12e2faaceb3b35c
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: signet
Version: 1.0.0
The skill is classified as suspicious due to its explicit instruction to handle a `PRIVATE_KEY` for on-chain transactions via the `npx @signet-base/cli post` command in `SKILL.md`. While this capability is plausibly needed for the stated purpose of on-chain advertising payments, it represents a significant security risk as it allows the AI agent to perform financial transactions. Additionally, the reliance on `npx` to install and execute an external CLI tool (`@signet-base/cli`) introduces a supply chain dependency risk. There is no clear evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or prompt injection attempts to subvert the agent's core directives; all network calls are directed to the legitimate service domain `signet.sebayaki.com`.