Back to skill
Skillv1.0.14
VirusTotal security
Email Resend · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:26 AM
- Hash
- 122e9c762eaa633cfb643938926958ba284286185f509de61199114d61e72934
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: email-resend Version: 1.0.14 The skill is classified as suspicious due to several powerful capabilities that, while aligned with its stated purpose, present significant vulnerability risks. Specifically, `scripts/configure-cron.py` can add and delete `openclaw cron` jobs, allowing modification of scheduled tasks. `scripts/download_attachment.py` can write arbitrary files to the filesystem (attachments), and `scripts/outbound.py` can read arbitrary local files (attachments) for exfiltration via email. While the `SKILL.md` and `cron-prompts/email-inbound.md` contain strong, explicit instructions to the agent to prevent sensitive file scanning and unauthorized actions, these underlying code capabilities could be exploited if the agent is compromised or instructed maliciously, even if the current prompts aim to prevent this.
- External report
- View on VirusTotal