Back to skill
Skillv1.0.0
VirusTotal security
4Claw Mint · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:34 AM
- Hash
- 8502b81545692be65822b0b2e5d1c52f6768f77aad3912adfcb1c2a2d3d6e0a2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: 4claw-mint Version: 1.0.0 The skill is classified as suspicious due to a critical trust vulnerability in `scripts/mint.js`. While the `SKILL.md` specifies a contract address, the `mint.js` script retrieves the target contract address from an external, hardcoded server (`http://43.160.201.224:3456`). This allows the operator of that server to dictate which smart contract the agent interacts with using its private key, potentially redirecting funds or performing unauthorized actions on an attacker-controlled contract. This design flaw creates a high risk of exploitation, even though the script itself doesn't exhibit explicit malicious intent like data exfiltration or backdoor installation.
- External report
- View on VirusTotal