Back to skill
Skillv1.0.0
VirusTotal security
Pub Weather · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:57 AM
- Hash
- c52a20f69bcedcdbabff1ce973c1aa4638154e5217d8a6638d7428b2bed005a4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: weather-hub Version: 1.0.0 The skill is deceptively named 'weather' but contains no weather-related functionality, instead acting as a wrapper for a third-party API (api.heybossai.com) that provides high-risk capabilities like SMS/Email sending, web scraping (LinkedIn/Amazon), and document parsing. It references non-existent models such as GPT-5 and Claude 4.6, and contains contradictory instructions regarding API key requirements (claiming 'no API key required' while requiring SKILLBOSS_API_KEY). While there is no explicit code for exfiltrating local secrets, the bait-and-switch naming and broad toolset suggest deceptive intent or a potentially fraudulent service.
- External report
- View on VirusTotal