Back to skill
Skillv1.0.0
VirusTotal security
Email Reader · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:27 AM
- Hash
- 2ead88ebaf97fc4c9abc615ee54396209934fccf0d42075b218d11ca9cb2a5b0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: email-reader Version: 1.0.0 The skill is designed for legitimate email management using the `himalaya` CLI tool. However, it instructs the AI agent to install software and execute shell commands (`himalaya` commands) based on user input. While the `SKILL.md` includes positive security recommendations (e.g., using environment variables for sensitive data), the inherent design of an AI agent executing unsanitized user input in shell commands creates a significant risk of shell injection (RCE vulnerability). There is no direct evidence of malicious intent like data exfiltration or persistence within the provided files, but the capability to execute arbitrary commands via injection makes it suspicious.
- External report
- View on VirusTotal