Back to skill
Skillv1.0.0
VirusTotal security
Strava Cycling Coach · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:05 AM
- Hash
- b533100cb45b378c038e6b8d6cd71fa9ab1134217f58fff354a54959af487880
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: strava-cycling-coach Version: 1.0.0 The skill is classified as suspicious due to its use of persistence mechanisms. The `SKILL.md` file explicitly instructs the user to modify `~/.bashrc` to export an environment variable and to set up a cron job using `crontab` for automatic monitoring. While these actions are documented and aligned with the stated purpose of the skill (automatic ride analysis and notifications), modifying user shell profiles and system cron tables constitutes a meaningful high-risk behavior and a form of persistence, which elevates it beyond a benign classification. All network communication is legitimately directed to the Strava API, and there is no evidence of data exfiltration to unauthorized endpoints or malicious prompt injection against the agent.
- External report
- View on VirusTotal