Back to skill
Skillv1.0.3
VirusTotal security
GIMHub · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:11 AM
- Hash
- 5402a71329b3fc5dafe484541db42e0e73769b6b8979f5c09e1e753faa096d44
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gimhub Version: 1.0.3 The skill is classified as suspicious due to the broad file access and upload capabilities in `scripts/gimhub.py`. Specifically, the `cmd_push` function, when no specific files are provided, defaults to recursively reading all non-hidden, non-binary text files in the current directory and its subdirectories (`Path(".").rglob("*")`) and uploading them to `https://gimhub.dev`. While `SKILL.md` explicitly warns against committing secrets and the script attempts to filter out common sensitive directories (e.g., `.git`, `node_modules`) and dotfiles, this default behavior carries a significant risk of inadvertently exposing sensitive data if it resides in the agent's current working directory and is not explicitly ignored by the script's limited filter. There is no clear evidence of malicious intent to exfiltrate data to an unauthorized destination, but the risky capability warrants a 'suspicious' classification.
- External report
- View on VirusTotal