Back to skill
Skillv2.0.0
VirusTotal security
Moodle Connector · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 6:46 AM
- Hash
- ef830fa55242b1ccf6f080edf64045d9f0c24f508e8698a28381d2dbf41033d6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: moodle-connector Version: 2.0.0 The skill bundle contains a significant security vulnerability: a hardcoded default encryption password ('test-pass') is used in 'mcp_server.py' and 'batch_downloader.py' to protect the local credential store, contradicting the documentation's claim that an environment variable is required. Additionally, 'moodle_connector.py' utilizes Playwright for browser automation to scrape authentication tokens from Moodle SSO/MFA flows; while this is aligned with the stated purpose of handling enterprise authentication, browser automation and token scraping are high-risk capabilities in an AI agent context. The discrepancy between the security instructions in 'SKILL.md' and the actual implementation in 'mcp_server.py' warrants a suspicious classification.
- External report
- View on VirusTotal