Back to skill
Skillv0.1.0
VirusTotal security
Repo Onboarding · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:00 AM
- Hash
- 43f7405c77799701d8e967ba3f9f67872fee3eb873483a2b50a24ff443c7a94d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: repo-onboarding Version: 0.1.0 The skill bundle is classified as suspicious primarily due to the instruction in `SKILL.md` to execute `add_daily_pm_cron.sh`, which creates a cron job. While presented as an 'Optional daily PM audit', the ability to establish persistence via cron is a high-risk capability. This action, even if intended for a legitimate purpose, introduces a significant vulnerability risk if the underlying script or the agent's interpretation could be exploited for unauthorized execution or persistence. The skill also relies on executing other external scripts from absolute paths within the OpenClaw workspace, making its security dependent on those external components.
- External report
- View on VirusTotal