Back to skill
Skillv1.0.3
VirusTotal security
threads-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:04 AM
- Hash
- bc77e23128d7dd824d60df8358976c69a92300b030141a94d6c4766728e5ec83
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: threads-skill Version: 1.0.3 The skill bundle is classified as suspicious because SKILL.md provides detailed instructions for an AI agent to execute several Python scripts (e.g., scripts/cli.py, scripts/chrome_launcher.py) that are entirely missing from the bundle, and it references a hardcoded external script path on the user's desktop (~/Desktop/threads-filter-comment/filter-comment.py). This reliance on missing or external code for sensitive tasks like account management, cookie handling, and browser control is a significant security risk. Additionally, _meta.json contains a future-dated timestamp (2026), and the instructions include specific behavioral constraints that override user preferences, such as automatically skipping political content and enforcing Traditional Chinese (IOC: github.com/gaojiongwenv587-beep/threads-skills).
- External report
- View on VirusTotal