Back to skill
Skillv1.1.0
VirusTotal security
Cfm Redis · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 18, 2026, 5:56 PM
- Hash
- 2f157370b0050a5b37033ea9f848ddfd5f13135df4c8e7dc27c887d4a33f9f84
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cfm-redis Version: 1.1.0 The cfm-redis bundle provides a Redis-based Pub/Sub communication framework for inter-agent messaging. It is classified as suspicious due to explicit instructions in SKILL.md (Lesson 5) advising the AI agent to use 'execute_code' instead of 'terminal' specifically to bypass human-in-the-loop command approvals in certain environments (e.g., Feishu). Additionally, cfm_daemon.py includes a webhook trigger capability that could be used for data exfiltration, and several scripts contain hardcoded local file paths (e.g., /Users/kyle/) and message IDs, suggesting the bundle was extracted from a specific environment without proper sanitization or security hardening.
- External report
- View on VirusTotal