Back to skill
Skillv1.0.0
VirusTotal security
Alpha Finder (x402) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:08 AM
- Hash
- b5047f3c45fc022cc621bd294dc5674f985c30c08ab916301459c45221fb6026
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: alpha-finder Version: 1.0.0 The skill is classified as suspicious due to its handling of sensitive credentials and reliance on remote code execution. The `scripts/analyze.sh` file explicitly reads a private key from user configuration files (including `~/.x402-config.json`) and exports it as an environment variable, which is a high-risk operation. Furthermore, the script uses `npx -y @itzannetos/x402-tools-claude` to download and execute an external Node.js package, introducing a supply chain risk as the content of this package is not part of the bundle and could change. While these actions are stated as necessary for payment via the x402 protocol, they represent significant security vulnerabilities without clear malicious intent within the provided files.
- External report
- View on VirusTotal