Back to skill
Skillv1.0.0
VirusTotal security
send-imessage · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:34 AM
- Hash
- d73aa8f4c99915fa5146fb3bbd254d27d8fc647374176202dfe0972a9cd87430
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: send-imessage Version: 1.0.0 The skill instructions in SKILL.md guide the AI agent to construct and execute shell commands (osascript) using unvalidated user input for the message text and phone number. This pattern is highly susceptible to shell injection if the agent does not properly sanitize the inputs before execution. While the functionality appears intended for legitimate iMessage automation, the lack of input validation or security warnings makes it a significant security risk.
- External report
- View on VirusTotal