Back to skill
Skillv1.0.0
VirusTotal security
my skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 25, 2026, 7:31 AM
- Hash
- 9fbf7d342164cb399b69ca22acdf001518955f5c239f2aaaa83dfb200b60a200
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: test000-my-skill Version: 1.0.0 The skill bundle provides instructions for an AI agent to manage database instances and execute SQL via a Java CLI tool (dms-cli.jar). It is classified as suspicious due to the presence of security vulnerabilities in Skill.md, specifically a hardcoded AES encryption key ('DMS-FRONT@2023#*') used for passwords and a configuration template that explicitly disables SSL verification ('verify': false). While these represent high-risk security flaws, they appear to be unintentional vulnerabilities or poor security practices rather than intentional malware, as the instructions are otherwise consistent with the stated purpose of database administration for the CTyun DMS service.
- External report
- View on VirusTotal