Back to skill
Skillv1.0.0
VirusTotal security
Knowledge Sync · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:25 AM
- Hash
- 975a5e7739691342f3c678c0ee15ae84e1eda5ea040dd0e8616f7807d7a55bc1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: knowledge-sync Version: 1.0.0 The skill bundle implements automated synchronization of the agent's workspace to external platforms (Gitee and Nutstore) using inotifywait, rsync, and Git. While these actions align with the stated purpose of 'knowledge sync,' the scripts (sync-realtime.sh and git-auto-push.sh) exhibit high-risk behaviors, including automatic data exfiltration of the entire workspace—including sensitive directories like 'scripts' and 'memory'—and the use of hardcoded paths (/home/admin/). The documentation in SKILL.md also encourages establishing persistence via systemd and crontab, which, combined with automated network activity, presents a significant security risk.
- External report
- View on VirusTotal