Back to skill
Skillv1.0.0
VirusTotal security
OpenClaw Flow Kit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:38 AM
- Hash
- b5ec1fe86cd1186355afe4b6d13218fbff64b702e3e3647ae14ef1d282c16ca7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-flow-kit Version: 1.0.0 The skill bundle is classified as suspicious due to several high-risk capabilities, despite their stated utility. The `scripts/run_envelope.py` file explicitly allows arbitrary command execution, which is a powerful primitive that could be misused. Additionally, `scripts/moltx_engage_gate.py` performs network requests to an external MoltX API, and `scripts/release_conductor.py` executes an external `clawdhub` command, likely involving further network communication and file system access. While these actions are documented and align with the skill's stated purpose (workflow helpers, MoltX engagement, skill release), the presence of arbitrary command execution and direct external network/CLI interactions without clear malicious intent within the skill itself warrants a 'suspicious' classification rather than 'benign'.
- External report
- View on VirusTotal