Back to skill
Skillv0.0.1
VirusTotal security
AgentChat · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:59 AM
- Hash
- c7dfcdb3aab3bbe4c84e17584a6e8310f1c0c6b0a3c134557947b2973a1eb9eb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wangwu-agent-chat Version: 0.0.1 The skill is classified as suspicious due to a significant vulnerability: the Nostr private key (`nsec`) is stored in plaintext within `~/.agent-chat/config.json` by the `saveConfig` function in `src/index.ts`. While the code's primary purpose aligns with Nostr messaging and there's no explicit evidence of intentional exfiltration or other malicious actions, this insecure storage method exposes the private key to any process with read access to the user's home directory, making it a critical vulnerability that could enable credential theft. The `SKILL.md` instructions are benign and do not contain prompt injection attempts.
- External report
- View on VirusTotal