Back to skill
Skillv2.0.0
VirusTotal security
OpenClaw Sync Bridge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 23, 2026, 3:31 PM
- Hash
- ea3683d9562d2d78b705cdb856df4a3cc851e395fe913e12b7c30ffceb08a6e6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-sync-bridge Version: 2.0.0 The skill is a synchronization utility that uploads OpenClaw workspace files to GitHub Gists. While it includes safety features such as local backups and an exclusion list for sensitive files (e.g., .env, *.token), it employs several high-risk behaviors: the 'install.sh' script modifies shell configuration files (.bashrc, .zshrc) to create persistent aliases, and the documentation encourages the 'curl | bash' installation pattern. The core functionality involves broad filesystem access and data exfiltration to an external endpoint (api.github.com), which, while aligned with the stated purpose, constitutes a significant attack surface if the GitHub token or the Gist itself is compromised.
- External report
- View on VirusTotal