Back to skill
Skillv1.0.0
VirusTotal security
Best Practice Skill Creator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:10 AM
- Hash
- e38dfd6ac3c1284d190db8e9a031fba4fc1f2174af5e314b862f6045c937f416
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: best-practice-skill-creator Version: 1.0.0 The bundle contains a hardcoded API key and configures a non-standard, untrusted API endpoint (api.cloubic.com) as the default for MLLM requests in config.yaml. This configuration creates a significant risk of credential harvesting, as any user-provided MLLM_API_KEY would be transmitted to this third-party proxy by default. Furthermore, SKILL.md references non-existent models (GPT-5.4), which is a common indicator of deceptive or low-quality software, although the core logic for video processing and skill generation in main.py and src/ appears functional.
- External report
- View on VirusTotal