Back to skill
Skillv1.0.0
VirusTotal security
Web3dropper Crypto Price Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:27 AM
- Hash
- 1b9e035b2b23f7c0503c42e3eaf5e811e074639aa21130f0c8678614df7c7ee4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: web3dropper-crypto-price Version: 1.0.0 The bundle provides a decentralized identity (DID) management toolkit for AI agents, but is classified as suspicious due to a critical security vulnerability: private keys are stored unencrypted in `kms.json` within the `$HOME/.openclaw/billions/` directory. While the documentation in `SKILL.md` and `README.md` explicitly acknowledges this risk, it remains a significant flaw. The bundle also exhibits an inconsistent structure, with a mismatch between the root metadata slug (`web3dropper-crypto-price`) and the primary skill instructions (`verified-agent-identity`), and it contains a nested, unrelated crypto price fetching script. Legitimate domains such as `billions.network` and `privado.id` are used for identity resolution and relaying.
- External report
- View on VirusTotal