Back to skill
Skillv1.0.0
VirusTotal security
GitHub Chat Assistant (Whatsapp) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:36 AM
- Hash
- d95c2d4a770bc4ade57df837f28992b5391a755059a12995e4fd9c572b581d6d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: github-chat-ops Version: 1.0.0 The skill is classified as suspicious primarily due to instructions in `SKILL.md` (Section 8) for the AI agent to set up a `cron` job for 'Daily automation'. While the stated intent is for legitimate automation of the skill's function using local scripts and environment variables, creating cron jobs is a high-risk persistence mechanism. This capability, even if intended for benign purposes, elevates the risk profile beyond a simple interactive skill. However, the skill also includes strong security instructions for handling sensitive data, such as using temporary shell variables for GitHub tokens, explicitly unsetting them, and avoiding saving them to disk or logs, which mitigates against clear malicious intent like data exfiltration or backdooring.
- External report
- View on VirusTotal