Back to skill
Skillv1.2.0
VirusTotal security
Ryot · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:16 AM
- Hash
- cb0f5130b50bcf32da9771cd280abdb4d27b818c37783e8bf7b8e17cd8c9734b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ryot Version: 1.2.0 The skill is classified as suspicious due to the `scripts/setup-automation.sh` script. This script creates persistent cron jobs using the `openclaw cron add` command, a high-privilege action. It also directly incorporates user-provided input (`WHATSAPP_NUMBER`) into the `--to` argument of this command. While the stated purpose of setting up automated reports is benign, the capability to create persistent scheduled tasks and the direct use of unsanitized user input in a command argument for a powerful internal command represents a potential vulnerability (e.g., command injection if `openclaw cron add` is not robustly sanitizing its arguments). This constitutes a risky capability without clear evidence of intentional malicious behavior.
- External report
- View on VirusTotal