Back to skill
Skillv1.0.2
VirusTotal security
Korea metropolitan bus alerts · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:09 AM
- Hash
- f4c85052fcb3284ea5437c7ea5f5caedfa337e496308da14b4351937c144d910
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: korea-metropolitan-bus-alerts Version: 1.0.2 The skill bundle is designed for scheduled bus alerts using the Korea TAGO OpenAPI. It securely handles the `TAGO_SERVICE_KEY` by prompting for it, storing it in a `chmod 600` file (`~/.clawdbot/secrets/tago.env`), and configuring the Clawdbot Gateway systemd user service to load it via `EnvironmentFile`. All external command executions (e.g., `clawdbot cron add`, `systemctl`) are performed using `subprocess.run` with lists of arguments, preventing shell injection. The `SKILL.md` and `cron_builder.py` construct prompts for the AI agent that instruct it to run specific local scripts (`tago_bus_alert.py`) with controlled, validated parameters, and include explicit negative constraints ('Do not reveal any secrets', 'Output ONLY the final message text'). There is no evidence of data exfiltration, unauthorized remote control, persistence mechanisms beyond the stated cron jobs, or obfuscation. The systemd modifications are transparent and necessary for the skill's operation.
- External report
- View on VirusTotal