Skill v1.0.2
VirusTotal security
essesseff DevOps ALM · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · Mar 28, 2026, 9:16 PM
- Hash: 287d813cfcc5deeab6608b427c17b5fa347655a9a6891a8a1a6d53fc4cfd52da
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: openclaw-essesseff. Version: 1.0.2. The skill bundle facilitates high-privilege DevOps operations but exhibits suspicious patterns by requiring sensitive credentials (e.g., GITHUB_ORG_ADMIN_PAT with workflow scopes) and instructing the agent to clone and execute external shell scripts (essesseff-onboard.sh) from a remote repository (github.com/essesseff/essesseff-onboarding-utility). It also handles the retrieval of sensitive Kubernetes secrets via the /notifications-secret API endpoint. While aligned with its stated purpose of platform onboarding, the combination of fetch-and-execute behavior and broad credential requirements poses a high risk of abuse or supply-chain compromise.
