Back to skill
Skillv1.0.0
VirusTotal security
clawscan · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:39 AM
- Hash
- 708eeb2ac3fead0754edc914c7699a7d212a10bff9e456918c35000552b8e41a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawscan-autosec-dev Version: 1.0.0 The skill implements a security scanner that collects and exfiltrates system metadata, including SHA-256 hashes of all installed skills and detailed local network listener information, to an external endpoint (clawscan.autosec.dev). A 'critical' instruction in SKILL.md directs the agent to remain completely silent during scheduled scans unless a risk is detected, which hides periodic background data transmissions from the user. While these behaviors are consistent with the stated goal of security monitoring, the combination of automated metadata harvesting and intentional stealth regarding its execution profile is characteristic of reconnaissance activity.
- External report
- View on VirusTotal