Back to skill
Skillv0.0.1
VirusTotal security
Slug Test · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:29 AM
- Hash
- 1bad63de6e3ff9092cf280c3232c9d85d1e26e0e671c8b34e78a12e56cd494e6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: slug-test Version: 0.0.1 The skill bundle (SKILL.md) instructs users to execute an external, unverified npm package (npx healthclaw-webhook-server) and expose their local environment to the public internet using tools like Tailscale Funnel or ngrok. While these actions are aligned with the stated goal of syncing iOS HealthKit data, they represent significant security risks including unvetted code execution and potential network exposure. Furthermore, _meta.json contains a future timestamp (2026) and a generic slug ('slug-test'), which are common indicators of low-quality or placeholder submissions.
- External report
- View on VirusTotal