Back to skill
Skillv0.2.6
VirusTotal security
Agentic X402 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:40 AM
- Hash
- cf3c9c547a2dd86333928c5f595af76afe8ab34a42e8e0b959875657c4718e87
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentic-x402 Version: 0.2.6 The skill is classified as suspicious due to its inherent high-risk capabilities and broad permissions, even though there is no direct evidence of malicious intent. It handles sensitive cryptographic private keys (`EVM_PRIVATE_KEY`) for on-chain transactions, storing them in `~/.x402/.env` with `0o600` permissions. While the `setup.ts` script provides strong warnings and follows best practices for local storage, the exposure of a private key to an automated agent is a significant risk. Furthermore, the `SKILL.md` explicitly grants the agent `Bash(npm:*)` permissions, which allows for arbitrary `npm` command execution. This constitutes a critical Remote Code Execution (RCE) vulnerability if the agent is prompted to install and execute malicious packages, even if the skill's own code does not directly exploit this. The skill also makes external API calls to `https://21.cash` (configurable via `X402_LINKS_API_URL`), which, if misconfigured, could direct sensitive wallet information (address, chain ID) to an attacker-controlled service. No evidence of intentional data exfiltration, backdoors, or prompt injection for subversion was found within the skill's code or documentation.
- External report
- View on VirusTotal