Back to skill
Skillv1.0.0
VirusTotal security
Stranger Recognition Skill | 陌生人识别技能 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 17, 2026, 2:11 PM
- Hash
- e8f705eb5ade38bfb18b33817a9c56d1f5e4d478aa09a362810faad6667b2b95
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: smyx-stranger-recognition-analysis Version: 1.0.0 The skill bundle implements a complex identity and token management system that automatically registers users (using phone numbers or Open-IDs) to a remote backend (lifeemergence.com) and stores access tokens in a local SQLite database (smyx-common-claw.db). A significant security concern is found in 'skills/smyx_common/scripts/skill.py', which contains logic to execute the 'openclaw' CLI tool via subprocess.run, providing a mechanism for the script to trigger arbitrary agent actions. Furthermore, 'SKILL.md' includes 'Mandatory Memory Rules' that override standard AI behavior to strictly prohibit the use of local memory or LanceDB, forcing the agent to rely exclusively on the external API for historical data, which could be used to bypass local session logs or safety constraints.
- External report
- View on VirusTotal