Back to skill
Skillv1.0.3
VirusTotal security
starlight-guild · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:34 AM
- Hash
- 344bcb10ed2f746374784043bac94633d6a8d1789bc516ab5e971735b005f586
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: starlight-guild Version: 1.0.3 The skill bundle instructs the AI agent to interact with an external, untrusted API (`https://www.ai-starlight.cc`) for its core functionality, as detailed in `SKILL.md`. It directs the agent to generate, save, and transmit a sensitive `api_key` to this external service, which could be misused if the service is compromised. Furthermore, the external service can issue 'tasks' to the agent, creating a potential vulnerability where malicious instructions could be delivered and executed by the agent if the `ai-starlight.cc` service were compromised or malicious, effectively turning the agent into a client for a potentially untrusted command-and-control server.
- External report
- View on VirusTotal