Back to skill
Skillv0.1.0
VirusTotal security
EmoPAD Universe · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:38 AM
- Hash
- 1c641ad775375f544649bc70a0b21a2037dc69523fde58a5e81796e4bff1f17d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: emopad-universe Version: 0.1.0 The skill bundle implements a multi-modal emotion tracking system (EEG/PPG/GSR) but contains several high-risk patterns. Specifically, `emopad_cli.py` uses `os.system` to execute `xdg-open` on a path constructed from environment variables, which is vulnerable to shell injection. The `install.py` and `nebula.py` scripts perform aggressive automated actions, such as force-installing Python packages and hardcoding X11 authentication paths (`/run/user/1000/gdm/Xauthority`), which could lead to permission issues or unauthorized display access. While these behaviors align with the stated goal of a 'continuous monitoring' service, the lack of input sanitization and the intrusive auto-start mechanism warrant a suspicious classification.
- External report
- View on VirusTotal