Back to skill
Skillv1.0.0
VirusTotal security
AgentPay MCP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:07 AM
- Hash
- b20f1b562b6524a5ce363722f628a7366274dccf7700e0acc927b69d46128915
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentpay-mcp Version: 1.0.0 The skill facilitates automated USDC payments on the Polygon network and requires a raw AGENT_PRIVATE_KEY in environment variables, which is a high-risk security practice for AI agents. It exposes powerful tools for financial transactions such as 'pay', 'open_channel', and 'bridge_usdc' in SKILL.md. While these capabilities align with the stated purpose of a payment MCP, the requirement for sensitive credentials and the potential for unauthorized fund movement via the external 'agentpay-mcp' npm package makes this skill inherently risky.
- External report
- View on VirusTotal