Back to skill
Skillv1.0.0
VirusTotal security
Skill Publisher — ClawHub 一键发布器 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:39 AM
- Hash
- d1c7257c8fce91e2807285284dce2b332a51a01ba4d2be8e0c0165456696bd77
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawhub-publish-skill Version: 1.0.0 The skill automates publishing to clawhub.com but includes a high-risk step that uses `sed` to modify the source code of the globally installed `clawhub` CLI (`publish.js`) to inject parameters. While described as a bug fix for a 400 error, the automated modification of system-level executable files and instructions to proceed without user confirmation (SKILL.md) are risky behaviors. No evidence of intentional data exfiltration or malicious backdoors was found.
- External report
- View on VirusTotal