Back to skill
Skillv0.0.2
VirusTotal security
Ordiscan · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:22 AM
- Hash
- 6bef9decd89910e32670362b37279d1aab1e352896f72f1357c4073e9ffadb2f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ordiscan Version: 0.0.2 The skill is classified as suspicious due to its handling of sensitive data and user-provided file paths, despite the stated purpose appearing benign. It instructs the agent to read an Ethereum private key from `~/.evm-wallet.json` (if not already set as an environment variable) for signing x402 payments via `scripts/x402-sign.mjs`. Additionally, the skill directs the agent to read arbitrary user-provided file paths (`base64 -w0 path/to/file`) for content inscription. While these actions are declared as requirements and are necessary for the skill's functionality, they represent high-risk capabilities that, if mishandled or combined with agent vulnerabilities, could lead to unauthorized access to sensitive data or local file inclusion/reading.
- External report
- View on VirusTotal