Back to skill
Skillv1.0.0
VirusTotal security
AI Frens Onboarding · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:35 AM
- Hash
- c3b9a91956afdae40ddee7b00d473a23ccd3660fdb2f71843a297fbea3bef148
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aifrens-onboard Version: 1.0.0 The skill is classified as suspicious due to two primary concerns: 1) The `onboard.ts` script, which handles the core 'become-fren' functionality, uses placeholder `0x000...0000` contract addresses for critical operations like `FREN_REGISTRY` and `MAGIC_TOKEN`. This makes the script non-functional and would result in the loss of the `CREATION_FEE_ETH` (0.01 ETH) if executed, as it would be sent to the zero address. This is inconsistent with the actual contract addresses listed in `SKILL.md` and `README.md`. 2) Both `aifrens.ts` and `onboard.ts` require the `WALLET_PRIVATE_KEY` to be exposed as an environment variable for signing blockchain transactions, which is a high-risk practice for handling sensitive credentials in an agent environment, even if not explicitly exfiltrated by the current code.
- External report
- View on VirusTotal