Back to skill
Skillv1.0.0
VirusTotal security
Matrix Channel Fix · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:32 AM
- Hash
- 9e54eb43f7f5d80d8ef07a68b9e4545d312947a2625c29754254479a0180c1fe
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: matrix-fix Version: 1.0.0 The skill is classified as suspicious due to several risky operations and poor security practices, primarily involving the handling of sensitive credentials. The `SKILL.md` instructs the agent to execute shell commands that expose passwords directly in the command line (e.g., `openclaw config set channels.matrix.password` and `curl ... -d '{"type":"m.login.password", ...}'`), which can lead to credential exposure in process lists or logs. Additionally, it uses powerful commands like `rm -rf ~/.openclaw/matrix/accounts/*` for clearing tokens and `pnpm add` for package installation, which, while intended for troubleshooting, carry inherent risks if not handled with extreme care by the agent and underlying system. There is no clear evidence of malicious intent such as data exfiltration to unauthorized endpoints or backdoor installation.
- External report
- View on VirusTotal