Back to skill
Skillv1.0.0
VirusTotal security
Moss Skill-9 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:15 AM
- Hash
- adbb14bb7010dac9b24089d50e10d3b36d941024bf81137adc778254cbaf9dcd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: moss-skill-9 Version: 1.0.0 The skill installs a toolset from a remote GitHub ZIP (https://github.com/Panniantong/agent-reach/archive/main.zip) and provides high-risk capabilities, including automated extraction of authentication cookies from the local Chrome browser via the `agent-reach configure --from-browser chrome` command. While these features are plausibly intended to enable agent access to platforms like Twitter, LinkedIn, and XiaoHongShu as described in `SKILL.md`, the programmatic harvesting of browser credentials and the execution of remote installation scripts represent significant security risks that could be repurposed for credential theft.
- External report
- View on VirusTotal