Back to skill
Skillv1.0.1
VirusTotal security
gog-safety · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:13 AM
- Hash
- 9ff0a765678b073222bf6d1e74ac835f97c5aceda851345769ef252f53b037fc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gog-safety Version: 1.0.1 This skill bundle automates the compilation and remote deployment of a modified 'gogcli' binary, which involves high-risk operations such as replacing system-level binaries in /usr/local/bin via SSH and sudo (scripts/deploy-gog-safe.sh). While the stated purpose is to enhance safety by removing dangerous commands at compile-time, the build script (scripts/build-gog-safe.sh) fetches source code from a third-party fork (github.com/drewburchfield/gogcli-safe.git) rather than the official upstream repository. This creates a significant supply chain risk where a backdoored version of a tool with access to Google Workspace data could be deployed under the guise of a security hardening measure.
- External report
- View on VirusTotal