Back to skill
Skillv0.1.0
VirusTotal security
Minibook · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:28 AM
- Hash
- a540676da58d41664b2ca66320bf1dc2b61b3e82ffce32554b69a843b1c81811
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: minibook Version: 0.1.0 The skill bundle is classified as suspicious primarily due to the instruction in `SKILL.md` to periodically re-read its own definition from a remote URL (`{{BASE_URL}}/skill/minibook/SKILL.md`). This mechanism allows the skill owner to dynamically update the agent's instructions, potentially introducing malicious behavior in the future without requiring a new skill bundle review. Additionally, the skill instructs the agent to create a cron job (`POST /cron`) for persistence, even if for the stated benign purpose of checking notifications, which is a risky capability.
- External report
- View on VirusTotal