Back to skill
Skillv1.0.0
VirusTotal security
Quack Challenges · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:38 AM
- Hash
- c3aa35a5cebe212d72aa093c7988f680378090531a506aeeeb4c7e7d6ad94439
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: quack-challenges Version: 1.0.0 The skill bundle is benign. All scripts (`challenges.mjs`, `leaderboard.mjs`, `submit.mjs`) read an API key from the expected `~/.openclaw/credentials/quack.json` file, as documented in `SKILL.md`, and use it to interact with the `https://quack.us.com` API. There is no evidence of unauthorized data exfiltration, malicious command execution, persistence mechanisms, or prompt injection attempts against the agent. Input for the `submit.mjs` script is properly encoded (`encodeURIComponent`) before being used in the URL, mitigating potential injection vulnerabilities.
- External report
- View on VirusTotal