Back to skill
Skillv0.1.1
VirusTotal security
Aster Spot · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:01 AM
- Hash
- f14e6b147b6fe085fb0ce615e9bc7216987bf94e30bd6b10c138283e8939d3b0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aster-spot Version: 0.1.1 The skill is classified as suspicious due to its inherent capability to perform high-risk financial operations, such as transferring assets (`/api/v1/asset/sendToAddress`) and withdrawing funds (`/api/v1/aster/user-withdraw`), as well as creating API keys (`/api/v1/createApiKey`). While the `SKILL.md` file includes explicit instructions for the AI agent to implement critical safeguards like user confirmation for mainnet transactions and masking of sensitive credentials, the direct access to these high-impact functionalities, combined with the described plain-text storage of API keys and secrets in `TOOLS.md` (as per `SKILL.md`'s 'Aster Accounts' section), presents a significant vulnerability if the agent's environment is compromised or if these safeguards are bypassed. No evidence of intentional malicious behavior like data exfiltration or backdoors was found in the provided files.
- External report
- View on VirusTotal