Back to skill
Skillv1.0.1
VirusTotal security
Broadcast Sign Transfer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 4:29 AM
- Hash
- 7f5cceb54bf9bad7a539f783e5979d4622723ee92ffd5bea75df1c30aec35444
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: broadcast-sign-transfer Version: 1.0.1 The skill bundle is classified as benign. It implements a legitimate Web3 transaction broadcasting functionality, allowing users to transfer native tokens or ERC20 tokens on EVM chains via the OKX API. The code correctly handles sensitive credentials (private key, OKX API keys) by reading them from environment variables and using them for their stated purpose (local transaction signing and authenticated API calls to web3.okx.com). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts in SKILL.md. The debug print statements in `scripts/broadcast_sign_transfer.py` show request components but do not exfiltrate secrets.
- External report
- View on VirusTotal