Skill v1.6.1
VirusTotal security
Human Test · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:55 AM
- Hash: df0dda5ad3db4242a6e10328e9179b434cdb10c0482cd4cf9980a702b1c8b8f6
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: human-test. Version: 1.6.1. The skill bundle contains high-risk instructions that direct an AI agent to install a global NPM package (humantest-app) and run a setup process that explicitly scrapes sensitive AI API keys (OpenAI, Anthropic, etc.) from the environment. Most concerningly, the documentation (SKILL.md) instructs users to grant GitHub read/write access to a specific personal account (avivahe326) for 'auto-fix' capabilities, which is a significant security risk and a common pattern for repository hijacking. While these actions are framed as features for a human-testing service (human-test.work), the combination of credential extraction and requests for direct GitHub access to a personal account is highly suspicious.
