Back to skill
Skillv1.0.0
VirusTotal security
Everything 文件搜索 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:26 AM
- Hash
- a268f27c1b98cd03125fdc1bad704a03cfe7ff6985b52f37e6dba7ec76dc29d9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: everything-find-files Version: 1.0.0 The skill provides broad file system access by interfacing with the Everything SDK, allowing an agent to search for and exfiltrate any local file (up to 10MB) via the `send_file` function in `main.py`. While this aligns with the stated purpose of searching and sending files, it creates a significant risk for arbitrary file read and data exfiltration if the agent is manipulated into targeting sensitive locations like SSH keys or environment variables. Additionally, the skill relies on loading external DLLs (e.g., `Everything64.dll`) from the local directory or standard paths, which is a common pattern for this SDK but poses a risk of DLL hijacking if the environment is compromised.
- External report
- View on VirusTotal