Back to skill
Skillv1.0.0
VirusTotal security
MoltMarkets Trading Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:29 AM
- Hash
- c94267984b04163f7159b54ac8a628c61c2a69353e016ca653d38817022d58aa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 1 The skill bundle is classified as suspicious due to the explicit instructions for the AI agent to execute direct shell commands (e.g., `curl`, `jq`, `date` command substitution) within its prompt messages (`payload.message` in `references/cron-definitions.md`). While these commands are currently used for legitimate interactions with the MoltMarkets API (api.zcombinator.io) and public oracle APIs, the mechanism of instructing an AI agent to execute arbitrary shell commands is a high-risk capability that could be exploited via prompt injection. Additionally, the skill instructs the creation of persistent cron jobs for the agent's operation, and includes instructions for the agent to operate 'SILENTLY' or reply 'NO_REPLY', which, while potentially for verbosity control, also reduces visibility of the agent's actions.
- External report
- View on VirusTotal