Skill v1.0.0
VirusTotal security
usewhisper · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 3:51 AM
- Hash: 6f03c4577f8cfcc9aef85309480f47ebc0404765f6f48848635ee549af7aa3f8
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: usewhisper. Version: 1.0.0. The skill is classified as suspicious due to its capabilities for reading local files and making outbound HTTPS requests to a third-party API. While these actions are explicitly declared in SKILL.md and README.md, and are central to the skill's stated purpose (context compression and memory for AI agents), the ability to read arbitrary local files (via `@path` or stdin `-` in `whisper-context.mjs`) and transmit their content to an external service (`https://context.usewhisper.dev`) presents a significant risk. An AI agent could be susceptible to prompt injection, leading it to read sensitive local files and exfiltrate their contents to the Whisper Context API, even if the API itself is the intended destination. There is no evidence of arbitrary code execution, persistence, or exfiltration to arbitrary, undeclared endpoints, which would elevate it to malicious.
