Back to skill
Skillv1.0.0
VirusTotal security
ConsortiumAI Create Account · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:46 AM
- Hash
- 903151fe44b1f21e79e5c3a54eed00c17edc3fafc6bf1c2d12df6797c2d03aa6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: consortiumai-create-account Version: 1.0.0 The skill is classified as suspicious due to a potential shell injection vulnerability. The `SKILL.md` file instructs the AI agent to execute `node scripts/create-account.js <WALLET_ADDRESS>`. If the AI agent does not properly sanitize the `WALLET_ADDRESS` argument before passing it to the shell, it could lead to arbitrary command execution. While the `scripts/create-account.js` file itself uses the `walletAddress` safely within a JSON payload, the vulnerability lies in the command's invocation by the agent. No other malicious behaviors like unauthorized data exfiltration or persistence were identified.
- External report
- View on VirusTotal