Back to skill
Skillv3.1.0
VirusTotal security
office secretary · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:58 AM
- Hash
- 2f2ccb815f01972f7c57cae5d3a0a6de02d04fa4d891a7de2724c8b371950b61
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: office-secretary Version: 3.1.0 The skill is classified as suspicious due to the combination of broad Microsoft Graph permissions (`Mail.ReadWrite`, `Calendars.ReadWrite`, `Files.ReadWrite`, `ChatMessage.Send`) and the direct use of command-line arguments (`sys.argv`) for parameters like `team_id`, `channel_id`, and `msg` in `secretary_engine.py` without explicit input validation or sanitization. While the code's intent appears benign and aligned with its stated purpose, these factors introduce potential vulnerabilities (e.g., path injection or malformed requests) if the OpenClaw agent or user provides untrusted input, elevating the risk profile beyond a truly benign skill.
- External report
- View on VirusTotal