Back to skill
Skillv1.1.0
VirusTotal security
GitHub → ClawHub 一键转化发布 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:39 AM
- Hash
- 19f77db9af54c9892cf82053bb44a31cd44e48b0f0ec49018d406944a168bff2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: github-to-clawhub Version: 1.1.0 The skill automates the conversion of GitHub repositories into OpenClaw skills and handles publishing to ClawHub. It is classified as suspicious because it requests a sensitive API token (clawhub token) and includes instructions to perform a system-level file modification using 'sed -i' on a local library file (publish.js) within /usr/local/lib to patch a CLI bug. While these actions are contextually relevant to the skill's purpose, modifying system-wide files and handling authentication tokens via shell execution presents significant security risks without clear evidence of intentional malice.
- External report
- View on VirusTotal