Back to skill
Skillv1.0.0
VirusTotal security
focus-coach · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:46 AM
- Hash
- 42df2beea3147c90b5a83eff3b37f63be0d1cc29047f459067364866829331fa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: focus-coach Version: 1.0.0 The skill is suspicious due to its reliance on external dependencies and services, introducing significant supply chain and data privacy risks. It instructs the AI agent to perform a global `npm install -g awal@2.0.3`, which can lead to arbitrary code execution if the `awal` package is compromised. Additionally, the `awal auth login` command could expose credentials, and all user input is sent to an external API endpoint at `https://anicca-proxy-production.up.railway.app/api/x402/focus-coach`, raising concerns about data handling and third-party trust, as detailed in `SKILL.md`.
- External report
- View on VirusTotal