Skill v0.1.1

VirusTotal security

X To Kindle · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 3:29 AM
Hash
0460ffa28e01a8abcc084557cc0b213741277e5950f850b85fb21c4dbeb9b20b
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: x-to-kindle
Version: 0.1.1

The `send_to_kindle.py` script is designed to send any local file specified by its command-line argument to a pre-configured Kindle email address via SMTP. While the `SKILL.md` instructions limit its intended use to a generated HTML file in `/tmp`, the underlying script's broad file access capability (reading arbitrary files from the filesystem) combined with network exfiltration (emailing the file) presents a significant risk. A malicious prompt could instruct the agent to use this tool to exfiltrate sensitive files (e.g., `~/.ssh/id_rsa`, `/etc/passwd`) to the configured Kindle email, which, while user-controlled, still constitutes unauthorized data exfiltration from the agent's environment.