Back to skill
Skillv0.1.10
VirusTotal security
Monolith — Crypto Wallet · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:13 AM
- Hash
- 67336041eeca27bb2da757e1980bd3f6cba0f529ce785aaabf53bf2127e22c00
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: monolith Version: 0.1.10 The skill implements a robust security model where the 'untrusted' skill only builds transaction intents, and a separate, trusted, local macOS daemon enforces policy and handles signing with human approval (Touch ID). The code in `lib/intent-builder.js` and `scripts/*.js` adheres to this by communicating with the daemon via a Unix socket (`lib/daemon-client.js`) and making read-only network calls to legitimate public RPCs and the Uniswap API. Crucially, `lib/runtime-bootstrap.js` explicitly avoids automatic execution of system commands for installation or persistence, instead providing manual instructions. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms, or prompt injection attempts against the agent.
- External report
- View on VirusTotal