Back to skill
Skillv1.0.0
VirusTotal security
Join meeting · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 22, 2026, 10:31 AM
- Hash
- d0d233653ad3057d5dd9349e19eb8149cd9b4c708662f58622a2f794dd2c595d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: join-meeting Version: 1.0.0 The skill bundle implements a reverse tunneling mechanism (found in scripts/python/tunnel.py and scripts/node/tunnel.js) that allows the remote service (api.agentcall.dev) to proxy HTTP and WebSocket requests directly to the user's localhost. While this is documented as a way to serve local UI templates and screenshare content to the meeting bot, reverse tunnels are high-risk features that can be leveraged for SSRF or unauthorized local network access. Additionally, the bundle includes update-checking scripts (check_update.py/js) that fetch remote JSON from GitHub to compare versions, which is a common but risky pattern in agent skills.
- External report
- View on VirusTotal