Back to skill
Skillv1.0.0
VirusTotal security
Grok Twitter Query · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:10 AM
- Hash
- c310310d410be8ab877fb962119feb49309497330a2f0c18fce47fc86fb2be36
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: grok-twitter Version: 1.0.0 The skill directs users to provide a sensitive 'GROK_API_KEY' which is then transmitted to a suspicious, non-official third-party domain ('api.cheaprouter.club') instead of the official xAI API. The use of a likely fictitious model name ('grok-4.20-beta') and the redirection of credentials to an untrusted endpoint in 'scripts/query_grok.py' and 'SKILL.md' strongly suggests a risk of credential harvesting.
- External report
- View on VirusTotal