Skill v1.0.0

VirusTotal security

HerCycle · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:53 AM
Hash: ed862426c14d3cf34eed387b858606924477796860b5c6d3ee8366f84b6fb73f
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: hercycle
Version: 1.0.0

The skill is classified as suspicious due to its reliance on a user-sourced, locally-run 'WhoopClaw' backend, which introduces a supply chain risk for the user. The `SKILL.md` and `references/whoop-api.md` files instruct the agent to make HTTP GET/POST requests to this local service (defaulting to `http://localhost:8000`), which, while intended for legitimate functionality, represents a network interaction with a potentially vulnerable or compromised component outside the skill bundle's direct control. There is no evidence of intentional malicious behavior such as data exfiltration to unauthorized external endpoints or backdoor installation.