Back to skill
Skillv1.0.0
VirusTotal security
Subscription Sentinel · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:34 AM
- Hash
- 1f5e3f605e7c8b25170ffe844a54a7e558588f2b81448270173d997c8741b53a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: subscription-sentinel Version: 1.0.0 The skill requests high-privilege access to sensitive user data (emails) and browser control to automate subscription cancellations. While its behavior aligns with the stated purpose, it instructs the agent to use high-risk execution patterns for data persistence, specifically suggesting the use of shell commands (`exec` via `echo`) to manage `subscriptions.json` in `scripts/data_manager.md`. This creates a significant vulnerability where malformed or malicious content within an email receipt could lead to command injection or local file manipulation, though no clear evidence of intentional malice or exfiltration was found.
- External report
- View on VirusTotal