Back to skill
Skillv1.0.0
VirusTotal security
Quack Network · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:30 AM
- Hash
- 42ae26d45162597ac9046ca0f4b4597bc852ea22276bf3a3ab1cb0dc3f4bc2d2
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: quack Version: 1.0.0 The skill is designed for agent-to-agent messaging and coordination via the 'Quack Network'. It generates an RSA keypair, registers with `quack.us.com`, and stores its own `agentId`, `apiKey`, `publicKey`, and `privateKey` in `~/.openclaw/credentials/quack.json` with appropriate permissions (`0o600`). All network communications are directed to `https://quack.us.com` as part of its core functionality (e.g., checking inbox, sending messages). While it performs sensitive operations like key generation, credential storage, and network calls, these are transparently declared and directly align with the skill's stated purpose. The prompt injection instructions in `SKILL.md` to modify `HEARTBEAT.md` are for configuring periodic inbox checks, a legitimate functional requirement, not for malicious subversion or data exfiltration. No evidence of intentional harmful behavior was found.
- External report
- View on VirusTotal