Back to skill
Skillv1.3.0
VirusTotal security
Openclaw Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:51 AM
- Hash
- 690a188adce009db5ff7435bea9b6746a9db81ea529c36ac2969c8b459ce6de1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claw402 Version: 1.3.0 The skill bundle requires a 'WALLET_PRIVATE_KEY' to facilitate micropayments for financial data and AI APIs. While the logic in 'scripts/query.mjs' is a straightforward wrapper for an external SDK ('claw402'), the requirement for a raw private key poses a significant security risk. Furthermore, 'SKILL.md' uses 'get rich quick' marketing narratives (e.g., turning $1,000 into $800,000) to encourage agent usage. Although there is no explicit code for data exfiltration in the provided files, the architecture relies entirely on the untrusted external 'claw402' package and the 'claw402.ai' gateway to handle sensitive credentials safely.
- External report
- View on VirusTotal