Back to skill
Skillv0.1.0
VirusTotal security
Personaldatahub · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:39 AM
- Hash
- 2fad92d0592ff3cad739d280abbcb45eb031cb21644ec6354084ff0a76849683
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: personaldatahub Version: 0.1.0 The skill is classified as suspicious due to significant discrepancies between the provided `src` (source) and `dist` (compiled) files, particularly concerning API key handling and configuration loading (`src/hub-client.ts` vs `dist/hub-client.js`, `src/index.ts` vs `dist/index.js`, `src/setup.ts` vs `dist/setup.js`). While the `dist` code (which would be executed) appears to implement the stated functionality of interacting with a local PersonalDataHub and includes security features like API key authentication and owner approval for actions, the lack of transparency and reproducibility between `src` and `dist` is a critical supply chain vulnerability. Additionally, the `SKILL.md`'s `install` command includes `cd ../../`, which is an overly broad directory change that could lead to unintended side effects during installation, although the subsequent commands (`pnpm install`, `npx pdh init`, `npx pdh start`) are specific to the stated purpose.
- External report
- View on VirusTotal