Back to skill
Skillv1.6.0
VirusTotal security
ByteRover - Headless · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:10 AM
- Hash
- dc05edd9754c510fedd9812c148ca86410368d590b8169a1e27030d83ae00f12
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: byterover-headless Version: 1.6.0 The skill bundle is classified as suspicious due to its capability to read arbitrary local files and transmit their content to an external service. Specifically, the `brv curate --files` command described in `SKILL.md` allows the agent to read specified local files and send them to `app.byterover.dev` or `app.byterover.com` as part of 'curating context'. While this functionality is presented as part of the skill's stated purpose, it represents a high-risk data exfiltration primitive that could be misused or exploited if the agent is prompted to read sensitive files.
- External report
- View on VirusTotal