Back to skill
Skillv0.1.0
VirusTotal security
ChaosChain ACE (Phase 0) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:00 AM
- Hash
- 70725cacbc4030cc3601dd38f8500384a4e9820e81f7f1ecec37989bad1a74d3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: chaoschain-ace Version: 0.1.0 The skill is classified as suspicious due to its reliance on external dependencies and instructions for the agent to fetch external content. The `SKILL.md` instructs the agent to `npm install @chaoschain/ace-session-key-sdk` and `ethers`, introducing a supply chain risk if these packages are compromised. Additionally, the agent is instructed to 'fetch docs/schema' or 'fetch schema/docs' from external sources, which could be exploited for Server-Side Request Forgery (SSRF) or information disclosure if the agent is tricked into accessing malicious or sensitive endpoints. While the stated purpose (API payments) and policy rules aim to constrain behavior, these capabilities present significant vulnerabilities.
- External report
- View on VirusTotal