Back to skill
Skillv1.0.0
VirusTotal security
MUKI Asset Fingerprinting · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:22 AM
- Hash
- e698036921f48d8504d1c3f667a09bc8509eea0f30cdb441a38f7306f041d233
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: muki-fingerprint Version: 1.0.0 The skill bundle describes a 'red team reconnaissance' tool designed for asset fingerprinting, sensitive path detection, and sensitive information extraction, including credentials, PII, and vulnerability indicators. While the `SKILL.md` explicitly warns against unauthorized use and emphasizes the need for authorization, the tool's core capabilities are inherently high-risk. Specifically, `references/Rules.yml` contains regex patterns to extract passwords, JDBC strings, ID numbers, and bank card numbers, and `references/active_finger.json` includes probes for known vulnerability indicators (e.g., ThinkPHP RCE) and unauthenticated service information (e.g., Redis INFO). These functionalities, though declared for security assessment, pose significant risks if misused, classifying the skill as suspicious rather than benign or malicious, as there is no evidence of intentional self-exploitation or unauthorized actions against the agent's host.
- External report
- View on VirusTotal