Back to skill
Skillv1.0.2
VirusTotal security
CardDAV Contacts · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:47 AM
- Hash
- 0738420203433d0f68f309c883b73abb8cea02d1b4fe6f1cd4ba3b64fd3794d5
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: carddav-contacts Version: 1.0.2 The skill bundle provides instructions for syncing and managing CardDAV contacts using `vdirsyncer` and `khard`. All commands and configuration examples in `SKILL.md` are standard usage for these tools and align with the stated purpose. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation. The `vdirsyncer` configuration example uses `password.fetch = ["command", "cat", "~/.config/vdirsyncer/google_app_password"]`, which leverages a powerful feature of `vdirsyncer` allowing command execution for password retrieval. While this mechanism could be a vulnerability if abused with untrusted input, its use here is a standard, documented configuration example for `vdirsyncer` and does not indicate malicious intent from the skill author.
- External report
- View on VirusTotal