Back to skill
Skillv1.1.0
VirusTotal security
Skillguard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:06 AM
- Hash
- e9df3be165b75f7b2d2492aee9bdb041d465e1c9375bdbec07f4edef22324f99
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skillguard-audit Version: 1.1.0 The skill's primary function is to send the full source code of other OpenClaw skills to a remote third-party API (api.agentsouls.io) for analysis. While this behavior is explicitly disclosed in the SKILL.md privacy notice, the automated exfiltration of local or downloaded script content via audit.sh and safe-install.sh poses a significant security risk, as it could lead to the exposure of sensitive logic or hardcoded credentials contained within the audited files to an external service.
- External report
- View on VirusTotal