Back to skill
Skillv1.0.0
VirusTotal security
ClawHub Web Only Publish · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:00 AM
- Hash
- 504eec18acee19ec31b0788fe4160bbac05e762831e4e2aaf982a1a769d063e7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawhub-web-only-publish Version: 1.0.0 The skill is classified as suspicious due to the instruction in SKILL.md to 'Scan for apiKey/token/secret before publish'. While framed as a 'Privacy/Safety' measure, this instruction grants the AI agent the capability to read and parse the contents of skill files for sensitive patterns. This represents a significant privilege and a potential vulnerability surface, as it involves the agent inspecting potentially sensitive data without explicit malicious intent in the instruction itself. This falls under 'risky capabilities without clear malicious intent'.
- External report
- View on VirusTotal