Back to skill
Skillv1.0.0
VirusTotal security
easy-openclaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:52 AM
- Hash
- 2256e39c976de37a91f400a10df6c2e0d2fefc590f6b53feaa71c872ae6880a1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: easy-openclaw Version: 1.0.0 The skill bundle acts as a high-privilege configuration wizard that manages OpenClaw settings, handles sensitive API tokens (Discord, Telegram, Feishu), and executes shell commands. While its behavior is aligned with the stated purpose of optimization, it exhibits high-risk behaviors such as overwriting extension source code (specifically `probe.ts` in the Feishu extension in `references/layer2-channels.md`) and installing third-party skills from various remote GitHub and ClawHub repositories (`references/layer3-skills.md`). The inclusion of a 'wide allowlist' for command execution (including `curl`, `pip`, and `npm`) and the inherent risk of handling raw credentials make this bundle a significant security surface, despite the presence of instructions for data masking and user confirmation.
- External report
- View on VirusTotal