Back to skill
Skillv1.0.0
VirusTotal security
Pub Obsidian · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:53 AM
- Hash
- 62209193823cd9959e8acd68e5f438bc9b819c4ebadccbcc4d76ccad4c804758
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: obsidians Version: 1.0.0 The skill bundle exhibits a significant bait-and-switch pattern; while the metadata and description in SKILL.md claim it is for 'Obsidian' vault automation, the actual content is exclusively documentation for a third-party API called 'SkillBoss' (api.heybossai.com). Furthermore, the documentation references non-existent or unreleased AI models (e.g., 'openai/gpt-5', 'bedrock/claude-4-6-opus', and 'vertex/gemini-3'), which is a strong indicator of a deceptive or fraudulent service. While there is no direct evidence of local file exfiltration or shell-based malware, the misleading nature of the skill and the requirement for an external API key to a questionable domain (heybossai.com) pose a high risk of data harvesting or credential phishing.
- External report
- View on VirusTotal