Back to skill
Skillv1.0.3
VirusTotal security
tron-x402-payment-demo · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:32 AM
- Hash
- afcda9b338d1004ec5f4bdb1c9371ca931d1f12c93cfedd32c1b7a3dcb9e9b4c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tron-x402-payment-demo Version: 1.0.3 The skill requests access to the highly sensitive `TRON_PRIVATE_KEY` environment variable, which could be used for signing transactions in the stated 'x402 payment demo'. While this capability might be necessary for the demo's purpose of 'signing permits', the direct access to a private key represents a significant security risk. Additionally, the skill delegates core payment logic to an unprovided external skill, `x402_payment_tron`, introducing an unanalyzed dependency and potential supply chain risk. The external network call to `http://x402-tron-demo.sunagent.ai/protected` is also noted.
- External report
- View on VirusTotal