Back to skill
Skillv1.0.1
VirusTotal security
GitHub Knowledge Base · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:07 AM
- Hash
- cbece344901ac86c3ae6872c80b9b284112a7b119894ee19639949aac1d5e41f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: github-kb Version: 1.0.1 The skill is classified as suspicious due to its broad capabilities, which include executing external commands (`gh` CLI, `git clone`), performing network operations (GitHub search, repository cloning), and writing to the local file system (cloning repositories, updating GITHUB_KB.md). While these actions are plausibly necessary for the skill's stated purpose of managing a GitHub knowledge base, they grant significant power to the AI agent. The skill also accesses the sensitive `GITHUB_TOKEN` environment variable. There is no explicit malicious intent or prompt injection attempt within the `SKILL.md` instructions themselves, but the inherent risk of these capabilities warrants a 'suspicious' classification.
- External report
- View on VirusTotal