Back to skill
Skillv1.0.6
VirusTotal security
Built at GrowthX · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:36 AM
- Hash
- d704839affb24338ddcd8b75c3a25f29d44f237e174c22798aab6800bb72cdb9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: growthx-bx-submit Version: 1.0.6 The skill is classified as suspicious due to its explicit instructions for the AI agent to perform high-risk operations, even though they appear aligned with the stated purpose. Specifically, SKILL.md instructs the agent to read various local project files (e.g., `package.json`, `README.md`), execute the `git remote -v` command, and construct a `curl` command to an external API endpoint (backend.growthx.club) using data derived from these local files and user input. While these actions are necessary for the skill's functionality (submitting project details), the direct instruction to execute shell commands and read local files presents a significant vulnerability risk, particularly for potential shell injection if the agent's input sanitization is not robust, or for unintended data exposure if the file access instructions are misinterpreted by the agent.
- External report
- View on VirusTotal