Back to skill
Skillv1.1.0
VirusTotal security
PopUp Referrals · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:07 AM
- Hash
- 8cd22a3042cab84205459aab89bfba7aed454265ebf530d4a09f8f7fc24c7404
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: popup-referrals Version: 1.1.0 The skill is designed for read-only access to referral data from the PopUp API, requiring a `POPUP_API_KEY` for authentication. The `SKILL.md` explicitly states the skill's purpose and, crucially, what it *does not* do (e.g., no sending messages, no social media posting, no contacting vendors), which mitigates prompt injection risks. All described actions are limited to a GET request to `https://usepopup.com/api/v1/organizer/referrals`. There is no evidence of data exfiltration, malicious execution, persistence, or obfuscation. The `README.md` contains benign developer-facing CLI commands for skill management.
- External report
- View on VirusTotal