Back to skill
Skillv1.0.0
VirusTotal security
OpenClaw Setup on AWS (Free Tier) - Memory Upgrade · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:14 AM
- Hash
- f4b76a127de403a79d3d240c9e97a0403fba1c29abfc62633fdccf5eacc91a34
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-setup Version: 1.0.0 The skill instructs the AI agent to collect highly sensitive information (AWS account access, Anthropic, Groq, OpenAI API keys, Telegram bot token, Google Cloud credentials) directly from the user. It then directs the agent to SSH into the user's server using a provided `.pem` key and execute numerous `sudo` commands, including fetching and executing scripts from external sources (`curl -fsSL ... | sudo -E bash -` for Node.js, `git clone` and `make build` for `gogcli`). While these actions are plausibly necessary for the stated purpose of setting up a personal AI assistant on AWS, the extensive collection of credentials and the broad, privileged execution capabilities granted to the AI agent on the user's server represent significant security risks, classifying it as suspicious due to high-risk capabilities without clear malicious intent. All these instructions are found in `SKILL.md`.
- External report
- View on VirusTotal