Back to skill
Skillv0.1.0
VirusTotal security
gomail · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:41 AM
- Hash
- c681c2544d6ce16bd9dc831dc173e5b28f439f01dc90dd7738961582649a3503
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gomail Version: 0.1.0 The gomail skill provides a wrapper for a CLI tool to send emails with attachments via SMTP. It exhibits high-risk behaviors including an installation process in SKILL.md that downloads and executes a remote binary from GitHub (wget/chmod +x) and the capability to read arbitrary local files for use as email attachments. While these functions are aligned with the tool's stated purpose, they provide a significant mechanism for data exfiltration and supply chain risk if the agent is compromised or misused.
- External report
- View on VirusTotal