Back to skill
Skillv1.0.0
VirusTotal security
OADP Beacon · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:50 AM
- Hash
- 84119bfedef1ca14d6cdf4cc3907043ebd4263bddfce714a5e193ffe5b07b58a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: oadp-beacon Version: 1.0.0 This skill is classified as suspicious due to its high-risk capabilities, despite aligning with its stated purpose of 'agent discoverability'. The `scripts/beacon-setup.sh` script, instructed by `SKILL.md`, modifies the agent's `HEARTBEAT.md` file to include recurring `curl` commands that establish persistent outbound network connections to `https://onlyflies.buzz/clawswarm/api/v1`. It also exfiltrates the agent's `hostname` to this external domain during a 'ping' operation. While these actions are transparently declared and serve the skill's stated function, they represent significant modifications to the agent's operational environment and network behavior, posing a risk if the external endpoint were compromised or if the skill's intent were to shift.
- External report
- View on VirusTotal