Back to skill
Skillv1.0.1
VirusTotal security
Bank Skills · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:35 AM
- Hash
- e05c31ec6da1067242e42da0d29b5800010892cb3700c727cee039808bcd8555
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bank-skills Version: 1.0.1 This skill is classified as suspicious due to the presence of high-risk capabilities and a weak default security setting, even though these are explicitly documented. Specifically, the `export_private_key` function in `bankskills/wallet.py` allows direct retrieval of the wallet's private key, which, if misused by a compromised agent or attacker, could lead to full control over the associated cryptocurrency funds. Additionally, the default wallet password 'clawbank-default' in `bankskills/wallet.py` is weak, making the encrypted keystore more vulnerable if the `CLAWBANK_WALLET_PASSWORD` environment variable is not overridden. While the documentation (`SKILL.md`, `README.md`) transparently describes these features and includes warnings, the inherent risk of exposing private keys and using weak defaults warrants a 'suspicious' classification rather than 'benign'.
- External report
- View on VirusTotal