Back to skill
Skillv1.0.4
VirusTotal security
solana-compression-dev · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:32 AM
- Hash
- 1c51dec8660030ad8a8daa00702b8262a7b3944b8c7d288554378bde5d9a5ac5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: solana-compression-dev Version: 1.0.4 The skill is classified as suspicious due to its requirement to access sensitive user credentials (`~/.config/solana/id.json`) and its broad `allowed-tools` permissions, including `Write` for filesystem modification and `WebFetch` for network access, as detailed in `SKILL.md` and `references/client.md`. While the skill's stated purpose is legitimate Solana development and it includes instructions to limit file access, the inherent capability to read a user's Solana keypair and perform arbitrary file/network operations presents a significant vulnerability risk if the agent were compromised via prompt injection, or if the skill itself were subtly altered to misuse these permissions. There is no clear evidence of intentional malicious exfiltration or backdoor installation in the provided content.
- External report
- View on VirusTotal