Back to skill
Skillv2.0.0
VirusTotal security
roku · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:02 AM
- Hash
- 12354f5ed6f0a530aaa17743a5387866510bd853143fb197c3416157e8081332
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: roku Version: 2.0.0 The skill is classified as suspicious due to two main indicators. First, the `SKILL.md` documentation describes a `roku bridge install-service` command which installs a persistent native OS service (launchd/systemd). While documented as a feature, installing persistent services is a high-risk capability that modifies the system. Second, the `roku-telegram.py` script connects to the external `api.telegram.org` endpoint using a `TELEGRAM_TOKEN` from environment variables, establishing continuous network communication with an external service. Although these actions align with the stated purpose of controlling a Roku device via a bridge or Telegram, they represent risky capabilities without clear malicious intent, pushing it beyond benign.
- External report
- View on VirusTotal