Back to skill
Skillv3.2.0
VirusTotal security
Ai Coach · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 15, 2026, 12:51 AM
- Hash
- 4d6698e6ca98084e4fc1336a993d7298138d646200ea1c4080ae4e0f1f349cdc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: triathlon-ai-coach Version: 3.2.0 The skill bundle handles highly sensitive credentials, including Garmin passwords and TrainingPeaks authentication cookies, storing them in local files (e.g., data/credentials.json) or environment variables. It also contains hardcoded API credentials for the IMA service in scripts/send_daily_plan.py and utilizes risky execution patterns like os.popen and subprocess.run in scripts/tp_sync.py and scripts/plan_engine.py. While these capabilities are aligned with the stated purpose of a triathlon coach, the insecure management of secrets and use of shell-calling functions represent significant security vulnerabilities.
- External report
- View on VirusTotal