Back to skill
Skillv1.0.0
VirusTotal security
Pub Autoupd · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:57 AM
- Hash
- 50d2f8d4fab92e207d8ecb0b0b739f4101adb18190d164fa3cdf5dd702f084f6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: auto-updaters Version: 1.0.0 The skill bundle is classified as suspicious due to a significant discrepancy between its stated purpose ('auto-updater' via cron) and its actual content, which consists entirely of documentation for a third-party AI API (SkillBoss). The documentation in SKILL.md and chat-models.md lists non-existent or 'future' models such as GPT-5 and Claude 4.6, and while the skill requests Bash permissions for system updates, it provides no actual implementation code. This deceptive labeling and the inclusion of 'hallucinated' model IDs suggest a misleading attempt to gain system access or influence agent behavior without a clear, legitimate functional path.
- External report
- View on VirusTotal