Skill v1.0.2
VirusTotal security
alphaclaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · Mar 23, 2026, 10:36 AM
- Hash: b6294fb1e4fd731b4c29a966794319503fb72e25bd6129c1ac381c2c99242648
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: alphaclaw; Version: 1.0.2. The 'alphaclaw' skill bundle (SKILL.md) instructs the AI agent to perform a global installation of an external npm package (1688alphaclaw) and manage sensitive Access/Secret Keys stored in ~/.alphaclaw/auth.json. While these actions are consistent with the stated purpose of a CLI tool for the SkillHub platform (alphashop.cn), the requirement for global software installation and the handling of credentials via automated agent instructions represent high-risk behaviors. Without the ability to verify the external npm package's integrity, these instructions are classified as suspicious due to the potential for RCE or credential harvesting.
