Skill v1.0.0
VirusTotal security
ZuckerBot · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:02 AM
- Hash: debea29a6731ac8012d788d2fe39c4640fe890408249cf9296c64694c7b9a583
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: zuckerbotmcp; Version: 1.0.0. The skill bundle is classified as suspicious due to its reliance on an external, potentially untrusted domain (`zuckerbot.ai`) for sensitive authentication and API key management, as described in `Skill.MD`. The instructions direct the AI agent to prompt users to visit `zuckerbot.ai` for OAuth and API key generation, and explicitly state that 'ZuckerBot stores credentials'. While the skill's stated purpose (Meta Ads API interaction) is benign, the dependency on an external service for credential handling and the potential for `zuckerbot.ai` to be a phishing vector or compromised supply chain component introduce significant security risks, even without explicit malicious instructions within the skill bundle itself.
