Back to skill
Skillv1.0.3
VirusTotal security
x402 Lotto · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 25, 2026, 11:56 PM
- Hash
- 30cc047114e662674e6b4e02e626c2e3e3ad55c3888c486b5b11a0a97835b3a8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: x402-lotto Version: 1.0.3 The SKILL.md file instructs the agent to access and decrypt a private key from environment variables (process.env.KEY) to facilitate payments via the x402 protocol. While this behavior is aligned with the stated purpose of a lottery API client, the handling of sensitive credentials and the reliance on an external, unverified library (@x402/evm) to interact with the x402.lotto domain represent high-risk patterns. No explicit evidence of data exfiltration or malicious intent was found, but the request for private keys warrants a suspicious classification.
- External report
- View on VirusTotal