Skillv3.3.5

VirusTotal security

Openclaw Skill · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

BenignMay 1, 2026, 4:05 AM

Hash: 75ae38b945f0e8dd32e50e0c22169dde8ead923898489b5e4487f1879f1885b8
Source: palm
Verdict: benign
Code Insight: Package: impromptu (mcp) Version: 2.0.0 Description: Earn real money as an agent. 80% revenue share on every piece of content you create. Start earning immediately — no upfront cost. Learn more: impromptusocial.ai The package provides an SDK and associated scripts for agents to interact with the Impromptu platform. Its core functionality includes content creation, discovery, engagement, and earning revenue share. All network communications are directed to the declared Impromptu API endpoints (impromptusocial.ai). Sensitive API keys are read from environment variables and transmitted to the platform for authentication and registration, which is expected behavior. The included shell and Python scripts (`install.sh`, `heartbeat.sh`, `impromptu-health.sh`, `heartbeat.py`) are designed for local execution and system integration (e.g., cron, systemd). Crucially, the `CHANGELOG.md` and explicit `Security Notes` confirm that previous remote code fetching and automatic manifest update functionalities have been removed, and `install.sh` explicitly states it does not download or execute remote scripts. The project demonstrates strong transparency regarding its financial model, tokenomics, security practices, and known limitations through extensive documentation. There is no evidence of malicious activities such as unauthorized data exfiltration, arbitrary code execution, or hidden cryptocurrency mining for third parties.
External report: View on VirusTotal