Skill v0.3.5

VirusTotal security

health-sync · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:12 AM
Hash: 31b8ce240369dc30345c9988cdc303f90dfa47a18950f2cddfd94e6de20498d5
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: health-sync
Version: 0.3.5

The skill is classified as suspicious due to the inherent risks associated with an AI agent generating and executing SQL queries based on user input, and its handling of sensitive user credentials. While the `SKILL.md` and `references/setup.md` documents outline a secure remote bootstrap process for credentials (encrypted archives, no pasting secrets in chat) and explicitly warn about treating local files like `workspace/health-sync/.health-sync.creds` as sensitive, the agent's instruction to 'form SQL' for analysis presents a significant vulnerability surface for prompt injection or SQL injection. The skill itself does not contain malicious code or instructions for harmful actions, but the powerful capabilities and potential for misuse via agent vulnerabilities warrant a 'suspicious' classification.