Back to skill
Skillv1.0.0
VirusTotal security
Ganidhuz-FoxX ยท External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:37 AM
- Hash
- 031edb90ab6315c23ad6675b23e26a3a5f036217b50d349dc5c6f87b735417f9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ganidhuz-foxx Version: 1.0.0 The skill bundle contains a script (`export-x-cookies.sh`) that terminates the Firefox process and extracts sensitive session cookies from the user's local `cookies.sqlite` database. While this is documented as a feature to enable authenticated browsing on X/Twitter without an API key, the automated extraction of session tokens is a high-risk behavior. The Playwright automation script (`playwright-firefox-control.py`) provides a generic interface to perform arbitrary actions using these credentials, which could be leveraged for unauthorized account access if the agent is misdirected.
- External report
- View on VirusTotal