Back to skill
Skillv0.1.1
VirusTotal security
Aster Futures · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:59 AM
- Hash
- 5d98f315e675a6837dd57e55bf712f82abfa6aa90d518d6e1f616070fd47eee0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aster-futures Version: 0.1.1 The skill is designed to interact with a cryptocurrency futures API, requiring the handling of sensitive API wallet private keys for EIP-712 ECDSA signing. A critical vulnerability exists in the instruction for the agent to store these raw private keys in `TOOLS.md` (or similar internal storage), as detailed in `SKILL.md`. This direct handling and storage of unencrypted private keys, combined with the skill's capability to initiate cryptocurrency withdrawals (`/fapi/aster/user-withdraw`), creates a high-risk scenario. While the skill includes safeguards like masking displayed keys and requiring user confirmation for mainnet transactions, these do not mitigate the fundamental risk of an AI agent possessing raw private keys, making it highly susceptible to prompt injection attacks that could lead to unauthorized financial transactions or credential exfiltration.
- External report
- View on VirusTotal