Back to skill
Skillv1.0.0
VirusTotal security
BOB · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:19 AM
- Hash
- 9d35b90fa24013f37b4548b32290dcd81b10414716f5a3fb91fd880e941f90f5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bob Version: 1.0.0 The skill requires the user to provide a plaintext EVM private key and explicitly instructs the agent to 'Always read and follow' instructions contained in the 'agentHint' field returned by a remote API (bobsmint.xyz). This architecture creates a high-risk vector for remote prompt injection, where a compromised or malicious server could command the agent to exfiltrate the key or perform unauthorized actions. Additionally, the skill performs automated financial transactions and installs dependencies (ethers) at runtime via shell commands in SKILL.md.
- External report
- View on VirusTotal