Back to skill
Skillv1.0.0
VirusTotal security
Number Two Migration · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:31 AM
- Hash
- f29988425e0353470e1ce02327951ed8dfb051b6b0bf00e0a584ededef80f9f3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: number-two-migration Version: 1.0.0 This skill bundle is a 'state migration' package for an agent persona named 'Number Two,' containing a full history, identity, and configuration. It is classified as suspicious due to the inclusion of hardcoded, sensitive credentials in 'install.sh' and 'SKILL.md' (e.g., MOLTBOOK_API_KEY, MANUS_API_KEY, and a JWT_SECRET). Furthermore, the 'AGENTS.md' and 'SOUL.md' files contain high-risk instructions for the AI agent to act autonomously without seeking user permission ('Don't ask permission. Just do.'), which effectively functions as a self-directed prompt injection to bypass human oversight. While the bundle appears to be a backup of a specific user's environment, the combination of hardcoded secrets and instructions for unapproved autonomous action poses a significant security risk.
- External report
- View on VirusTotal