Back to skill
Skillv1.0.0
VirusTotal security
geo-quickhook · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:36 AM
- Hash
- 1c4ef497e6f748d669c72657dbf3b38f09631b95fd962c7888725efbe9c681d6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: geo-quick-hook Version: 1.0.0 The skill bundle is designed for competitive brand visibility analysis but contains a high-risk procedural vulnerability in its report delivery flow. In SKILL.md, the instructions command the agent to launch a Python HTTP server (`python3 -m http.server`) directly on the user's `~/Desktop` directory to facilitate a screenshot. This action unnecessarily exposes the entire contents of the user's Desktop to the local network on port 18899. While the core logic in `scripts/quick_hook.py` appears benign and aligned with the stated sales-enablement purpose, the broad directory exposure via a network socket is a significant security flaw.
- External report
- View on VirusTotal