Back to skill
Skillv0.1.1
VirusTotal security
Opinion Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 2, 2026, 4:39 AM
- Hash
- 3a5a1b04fd97fa0f44f3fdbac1a8aa6306d39bd3462153a5549c5daeff03f004
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: opinion-skill Version: 0.1.1 The skill is classified as suspicious primarily due to the `SKILL.md` instructions for installing `bun`. It uses `curl -fsSL https://bun.sh/install | bash`, which is a high-risk supply chain vulnerability as it executes arbitrary remote code without prior inspection. While the core functionality of the skill (trading on a prediction market) appears legitimate and all network calls are directed to expected endpoints (`http://newopinion.predictscanapi.xyz:10001`, `https://openapi.opinion.trade/openapi`), the installation method introduces a significant security risk. The skill also handles sensitive user-provided credentials (`PRIVATE_KEY`, `MULTI_SIG_ADDRESS`, `API_KEY`) for blockchain transactions, which, while necessary for its function, underscores the importance of the initial installation's integrity.
- External report
- View on VirusTotal