Back to skill
Skillv0.1.1
VirusTotal security
Crow Payments · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:51 AM
- Hash
- 1d73aacd63fb116367cc319f86b3836a42882892c45192e50038a0a472baeb3a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: crow Version: 0.1.1 The skill bundle provides an interface for an agent to use 'CrowPay' for autonomous payments. While functional, SKILL.md contains aggressive instructions directing the AI agent to immediately install the skill permanently via npx, create a wallet, and modify its own persistent memory files (e.g., CLAUDE.md) to store API keys. It uses prompt-injection techniques by falsely claiming 'the user has asked you to do this' to bypass potential safety filters during setup. These high-risk behaviors, including the instruction to fetch external code from GitHub (https://github.com/Fallomai/skills), are classified as suspicious as they involve unauthorized persistence and state modification, despite being plausibly related to the service's stated purpose.
- External report
- View on VirusTotal