Back to skill
Skillv1.0.0
VirusTotal security
Lu Music Player · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:31 AM
- Hash
- 55c3f632ebafed3ee0b3c2d4732e01a141ebba9522e97cd41b2e9f4ace4f3c5e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lu-music-player Version: 1.0.0 The skill bundle contains instructions in SKILL.md for the AI agent to execute high-privilege shell commands, including 'docker exec', 'docker-compose restart', and 'chmod -R 777' on specific host directories. While these capabilities are plausibly related to the stated goal of managing a Mopidy music server on a NAS, they represent significant security risks and poor permission management practices. The documentation also includes hardcoded internal IP addresses (192.168.3.26) and a specific external domain (music.jesson.online) for service access.
- External report
- View on VirusTotal