Back to skill
Skillv1.0.0
VirusTotal security
Gousto Recipes · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 3:19 AM
- Hash
- 08017da531728a73fe36d2d158043adcd4d33eff8837689ff7618fe5039a3f7d
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: gousto Version: 1.0.0 The skill is benign. It fetches recipe data from the official Gousto API (`production-api.gousto.co.uk`) using `curl` and processes it with `jq` for local caching and searching. All network requests are directed to the legitimate Gousto API, and there is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. A note in `SKILL.md` mentions a `vfjr.dev` proxy for recipe fetching, but the actual scripts (`scripts/recipe.sh`, `scripts/update-cache.sh`) consistently use the official Gousto API, indicating a documentation discrepancy rather than a security risk.
- External report
- View on VirusTotal