Back to skill
Skillv1.0.2
VirusTotal security
X Knowledge Base · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:10 AM
- Hash
- 79d218a968388ed9ce22f21f1fef6caa217d75a5f10b63fcec34770e30a1c44f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: x-knowledge-base Version: 1.0.2 The skill is classified as suspicious due to several security vulnerabilities and risks, rather than clear malicious intent. Sensitive environment variables (`BIRD_AUTH_TOKEN`, `BIRD_CT0`) are passed directly as command-line arguments in `scripts/fetch_bookmarks.sh`, making them potentially visible in process lists. The skill also heavily relies on external third-party services (Jina AI, MiniMax API, Brave Search API) and an external CLI tool (`bird CLI`), introducing significant supply chain risks. While the skill's stated purpose is benign, these practices represent security flaws that could be exploited.
- External report
- View on VirusTotal