Back to skill
Skillv1.0.1
VirusTotal security
Toingg Ops Toolkit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:37 AM
- Hash
- 42e60b19db273a279aa0a4a01f217746ab917f5921820b7037f5a267671ee7ef
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: toingg-skill Version: 1.0.1 The skill is classified as suspicious due to its instructions for the OpenClaw agent to create a cron job that executes a shell command. Specifically, the `references/analytics-cron.md` file contains a `openclaw cron create` command with a hardcoded absolute path (`/Users/abhinavkalvacherla/.openclaw/workspace/skills/toingg-skill`) and uses shell command substitution (`$(date +%Y%m%d)`). While these are used for a plausible purpose (scheduling analytics and timestamping files), the hardcoded path is brittle and potentially revealing, and the ability to execute arbitrary shell commands via cron represents a high-risk capability that could be exploited if the command string were influenced by untrusted input, even though no direct malicious intent is observed in this specific usage.
- External report
- View on VirusTotal