Back to skill
Skillv1.0.0
VirusTotal security
guoguo · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 17, 2026, 2:11 PM
- Hash
- 4a760f40890e67902d24561ca6e8ce96ff2e3d0178aba6444e519e1bcacecd06
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: guoguo Version: 1.0.0 The skill bundle contains instructions in SKILL.md that command the AI agent to execute a local shell script (setup-mcp.sh) to modify the environment's MCP configuration files. This script is not included in the provided files, which is a significant security risk as it directs the agent to perform unverified code execution. While the stated intent is to configure a shipping service, the use of shell commands to modify system-level configurations without providing the source code constitutes a high-risk behavior.
- External report
- View on VirusTotal