Back to skill
Skillv1.4.0
VirusTotal security
Social Post · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:31 AM
- Hash
- 30f9fccea7d6c4493a1b71e347f2b6d2c1248c8bf0e92e011c782a80b1c9eb5d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: social-post Version: 1.4.0 The skill is classified as suspicious due to its reliance on unstated external dependencies for core functionality. Specifically, `lib/twitter.sh` attempts to execute `/home/phan_harry/.openclaw/workspace/scripts/twitter-post.sh` for text-only Twitter posts, but this script is not included in the bundle. Additionally, `lib/farcaster.sh` implicitly depends on the internal file structure and code (`./src/x402`) of another OpenClaw skill located at `/home/phan_harry/.openclaw/workspace/skills/farcaster-agent/repo`, which introduces a supply chain risk. While the skill's stated purpose is benign and its direct code does not show malicious intent, these unmanaged external dependencies elevate its risk profile.
- External report
- View on VirusTotal