Back to skill
Skillv1.1.1
VirusTotal security
Blinko · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:42 AM
- Hash
- 3265353a3511e7225820c552f53c61d4e87bb7b320385e2e0225725488147d19
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: blinko Version: 1.1.1 This skill is classified as suspicious due to its inherent high-risk capabilities, specifically requiring and using a `WALLET_PRIVATE_KEY` from environment variables to sign on-chain transactions that spend real ETH, as seen in `SKILL.md` and `scripts/play-blinko.js`. While the documentation is transparent about these actions and the code appears to handle the private key locally for signing (not exfiltrating it in plaintext), the direct interaction with a hot wallet and the ability to spend funds on-chain introduce significant financial risk. All network interactions are with the explicitly stated `https://api.blinko.gg` and `https://api.abs.xyz` endpoints.
- External report
- View on VirusTotal