Back to skill
Skillv2.0.1
VirusTotal security
Okki Sync Mail · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 29, 2026, 2:36 AM
- Hash
- 51be733da9c4b5a937d562178f6d4fc378dc69c8ef23922b0568389b97120442
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: okki-sync-mail Version: 2.0.1 The bundle is a comprehensive email automation and CRM synchronization tool for OKKI CRM. It is classified as suspicious because it utilizes `execSync` in `auto-capture.js` and `kb-retrieval.js` to execute local Python scripts with arguments derived from external email data (such as domains and search queries) without sufficient sanitization, creating a significant risk of command injection. While the skill includes proactive security instructions in `SKILL.md` to defend against prompt injection and implements path validation for file operations in `scripts/imap.js` and `scripts/smtp.js`, the combination of shell execution, broad file system access, and the transmission of sensitive email content to external APIs (OpenRouter and Discord) constitutes high-risk behavior. No evidence of intentional malice or data exfiltration to unauthorized endpoints was found.
- External report
- View on VirusTotal