Back to skill
Skillv1.0.7
VirusTotal security
WatchOrfight - Rock, Paper, Scissor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:22 AM
- Hash
- a821d9f56377374a8c69e45f74c6a46bd7a68170877f3777ab49075a95ae0480
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wof-rps Version: 1.0.7 The skill is classified as suspicious due to its requirement for a `PRIVATE_KEY` environment variable and its capability to perform on-chain transactions that spend USDC, which are inherently high-risk operations. While the `SKILL.md` provides extensive security recommendations (e.g., dedicated game wallet, hardware wallet, transaction scope) and explicitly disables autonomous agent invocation (`disable-model-invocation: true`), the direct handling of a private key and potential for real-money spending via the `wof-rps` CLI (installed via `npm install -g @watchorfight/rps-mcp`) elevates its risk profile beyond benign. There is no evidence of intentional malicious behavior like data exfiltration to arbitrary endpoints, backdoors, or deceptive prompt injection attempts within the provided files; the documentation is transparent and aims to guide secure usage.
- External report
- View on VirusTotal