Back to skill
Skillv0.0.1
VirusTotal security
Goalz über MCP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:51 AM
- Hash
- f1f0f5605f9033995e2d6ad397aa84de7173b2074c7510d5ed8fa8b3936bb197
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: goalz-de Version: 0.0.1 The skill bundle is suspicious due to its high autonomy, self-modification capabilities, and handling of sensitive credentials, which create significant prompt injection risks. The agent is explicitly instructed in `SKILL.md` and `references/playbooks.md` to 'develop itself' and establish/adapt its own recurring 'Cron-Sessions' or automation runs, a powerful capability that could be exploited for persistence or resource abuse. Furthermore, it is allowed to autonomously execute high-risk, irreversible financial and market actions within the game without mandatory human approval, as detailed in `SKILL.md` and `references/modes-and-safety.md`. The agent also requests and manages a sensitive Telegram bot token, as outlined in `SKILL.md` and `references/playbooks.md`, which, despite instructions to treat it as a secret, introduces a sensitive credential handling risk.
- External report
- View on VirusTotal