Back to skill
Skillv0.3.0
VirusTotal security
OpenClaw P2P · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:27 AM
- Hash
- 1b8072a790460b6a9fdd7cdade0a11d51d8620ef449ac1269a9cb50a2a4c4e53
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 1 The skill is classified as suspicious due to two primary risky capabilities. Firstly, the `SKILL.md` documentation describes a `sendfile` command that allows sending arbitrary base64-encoded content over the P2P network, which presents a direct vector for data exfiltration if the AI agent is prompted to read sensitive files and transmit them. Secondly, the `p2p.js` wrapper script passes the entire `process.env` to the underlying `index.js` plugin (which is not provided for analysis), granting it broad access to all environment variables, including potentially sensitive ones, without explicit filtering or justification within the provided code.
- External report
- View on VirusTotal