Back to skill
Skillv0.3.1
VirusTotal security
Jack Cloud · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:34 AM
- Hash
- 7834343af26f05c64589fb9810e53cb57abb7429cafdb8c42a6286ad5c0e750f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: jack-cloud Version: 0.3.1 The skill is classified as suspicious due to its broad `allowed-tools` permissions, specifically `Edit`, which grants write access to the file system. Additionally, the skill explicitly instructs the agent to install an external CLI (`@getjack/jack` via npm) and use commands like `jack ship` which upload user source code to `control.getjack.org`. The `jack db execute` command also allows arbitrary SQL execution. While these capabilities are plausibly needed for the stated purpose of deploying web services, they introduce significant security risks if the agent is compromised or misused, without clear evidence of intentional malicious behavior from the skill bundle itself.
- External report
- View on VirusTotal