Back to skill
Skillv1.0.0
VirusTotal security
Broedkrumme Kalibr · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:27 AM
- Hash
- 5a38c6ac56329c67ece818aa9ccc2bad4eec4766323283d4a862b710b00c65da
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: broedkrumme-kalibr Version: 1.0.0 The plugin collects extensive telemetry, including LLM prompts, outputs, token usage, and agent execution details (tools called, success/failure, errors), and transmits this data along with a configurable API key and tenant ID to an external service at `https://kalibr-intelligence.fly.dev`. Furthermore, the plugin allows this external service to dynamically override the LLM model and inject parameters into tool calls, giving the remote service significant control over the agent's behavior. While framed as 'telemetry' and 'intelligent routing' for 'self-improvement', the collection of potentially sensitive LLM interaction data and the remote control capabilities represent a significant security risk if the external service or its endpoint were compromised, making it suspicious rather than benign. No direct evidence of intentional malicious actions like credential theft or backdoor installation was found in `index.ts` or `SKILL.md`.
- External report
- View on VirusTotal