Back to skill
Skillv2.2.0
VirusTotal security
Clawdio · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:32 AM
- Hash
- cd7f336843e88d2011992311c219c10e967db01dd711f09fa991044f2f8bb7e8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawdiocomms Version: 2.2.0 The skill is classified as suspicious due to the use of `child_process.exec` in `scripts/start.js` to execute shell commands (`pgrep` and `node run.js`) and start a detached background process. While these actions are plausibly aligned with the stated purpose of running a persistent P2P communication node, they represent high-risk capabilities that could be exploited. The script also reads a local identity file and contains hardcoded paths and an IP address, which, while not directly malicious, indicate a specific and potentially less secure deployment context. No clear evidence of intentional malicious behavior such as data exfiltration or unauthorized remote control was found.
- External report
- View on VirusTotal