Back to skill
Skillv0.9.2
VirusTotal security
zenTable · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:49 AM
- Hash
- 0a3f35d9d85b1e407573fd40b83aec711ece3b25a8586fb7b2efe45760ecdd02
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zentable Version: 0.9.2 The skill bundle is declared as 'text-only' in INSTALL.md and README.md, explicitly instructing the OpenClaw agent to download the actual runnable code from an external GitHub release URL (https://github.com/con2000us/zenTable/releases/tag/skillhub-zentable-beta-2026-03-01). This introduces a significant supply chain vulnerability, as the platform cannot directly review the executable code, and a compromised external source could lead to the execution of arbitrary malicious payloads. Furthermore, SKILL.md requests broad 'exec', 'read', and 'write' permissions, enabling the agent to perform such external downloads and executions.
- External report
- View on VirusTotal