Back to skill
Skillv0.1.4
VirusTotal security
Acp · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:27 AM
- Hash
- 62073d32c726ed9f03d762a4dcd213e3f7ed8acaacf02042994464c94ceae520
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-acp-channel-skill Version: 0.1.4 The skill bundle is classified as suspicious due to its extensive use of high-risk capabilities, primarily for installation and configuration. The `resources/install.md` file contains explicit prompt-injection instructions for the AI agent to perform `git clone` and `npm install` from external repositories (GitHub, Gitee), which introduces a significant supply chain vulnerability. Additionally, the agent is instructed to directly modify the core `~/.openclaw/openclaw.json` configuration file and set broad default network permissions (`allowFrom: ["*"]`), as detailed in `SKILL.md` and `resources/config-reference.md`. While these actions are plausibly necessary for a plugin's functionality, they represent a substantial attack surface and lack of granular control, raising concerns about potential misuse or exploitation if the upstream sources are compromised.
- External report
- View on VirusTotal