Skillv1.0.0

VirusTotal security

Hellofresh · External malware reputation and Code Insight signals for this exact artifact hash.

ReviewMar 24, 2026, 5:06 PM

Hash: c977672633f6f5d1374861737472d4d4702eb0847602bf0e23ba7d3df08af977
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: hellofresh Version: 1.0.0 The skill bundle contains a significant data leak in IMPLEMENTATION_NOTES.md, which includes hardcoded PII such as a specific phone number (+18194482636), subscription IDs, and delivery instructions. Additionally, handler.ts is incomplete and references an undefined function 'checkShipmentAlert', which would cause the agent to fail during notification tasks. While the browser-based automation logic for HelloFresh appears functionally aligned with the description, the inclusion of real-world testing data and incomplete code constitutes a security and stability risk.
External report: View on VirusTotal