Back to skill
Skillv1.0.0
VirusTotal security
Omi Integration · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:08 AM
- Hash
- e59913323733b22d0dbab75f29641981f8bb7784633d077b9d4ab7ca21c15c8f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: omi-integration Version: 1.0.0 The skill implements a recording sync and real-time webhook system for Omi wearables, but exhibits high-risk behaviors including the automated setup of an ngrok tunnel (setup-ngrok.sh) and a background Python web server (webhook-server.py) that executes shell scripts. Furthermore, omi-webhook-handler.sh contains a path traversal vulnerability where it creates directories and writes files based on unvalidated recording_id fields from external webhook payloads, which could be exploited to write data outside the intended storage directory. While these features are aligned with the stated purpose of real-time integration, the combination of a public-facing tunnel and unvalidated file path construction presents a significant security risk.
- External report
- View on VirusTotal