Back to skill
Skillv1.2.1
VirusTotal security
Fluora Setup · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:45 AM
- Hash
- b533cf02968d81dbd0c780c1d5fe5b5f2779be8ab3abb544ae9da28ddf75466f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: fluora-setup Version: 1.2.1 The skill is classified as suspicious due to its execution of external code from a GitHub repository, generation and local storage of a cryptocurrency private key, and extensive use of `child_process.execSync` in `setup.js`. While these actions are explicitly documented in `SKILL.md` and `UPDATE-SUMMARY.md` as necessary for the skill's stated purpose (Fluora marketplace integration), they represent significant security risks and capabilities that could be exploited if the GitHub repository were compromised or if the script were less carefully implemented. There is no evidence of intentional data exfiltration, persistence, or other malicious behavior, and the `SKILL.md` is free of prompt injection attempts.
- External report
- View on VirusTotal