Back to skill
Skillv1.0.1
VirusTotal security
GoList · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:41 AM
- Hash
- f58f52e74adf7203302bfe9aef68bf5f3c4ac351b4018bef76923bb249acab72
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: golist Version: 1.0.1 The OpenClaw AgentSkills skill bundle for GoList is benign. The `SKILL.md` instructions clearly define the agent's behavior, including strict constraints on the API base URL (`https://go-list.app/api`) and allowed data fields for item writes, preventing prompt injection for malicious actions. The `golist_cli.py` script adheres to these constraints, using standard Python libraries for network communication and local state persistence (`~/.openclaw_golist_state.json`). There is no evidence of data exfiltration, arbitrary code execution, persistence mechanisms, or obfuscation. All network calls are directed to the specified GoList API, and data handling is aligned with the stated purpose of managing shopping lists.
- External report
- View on VirusTotal