Back to skill
Skillv1.1.0
VirusTotal security
Web Autopilot · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:20 AM
- Hash
- 8f751f6044f9384b3a14fad82db91dbc5c6e18c65c9938010392264a22f48058
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: web-autopilot Version: 1.1.0 The bundle implements a powerful Web RPA framework that captures full network traffic, session cookies, and local storage (record.ts). It includes high-risk features such as automated credential extraction from recorded POST bodies and local storage in an encrypted file (credentials.ts), as well as the execution of AI-generated TypeScript code using shell commands (run-task.ts). While the instructions in SKILL.md and the code logic include security-positive measures like password redaction and AES-256-GCM encryption, the inherent combination of automated secret harvesting and dynamic code execution via execSync creates a significant risk profile typical of dual-use tools.
- External report
- View on VirusTotal