Back to skill
Skillv1.0.3
VirusTotal security
Familysearch · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:36 AM
- Hash
- 9aebb6efbe826d4f38f694110ae134f9f61256c8389b0ff69ad9304e1e91a367
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: familysearch Version: 1.0.3 The skill bundle is benign. It implements its stated purpose of interacting with the FamilySearch API and parsing local GEDCOM files. The `familysearch.py` script uses `subprocess.run` to securely retrieve credentials from the macOS Keychain, which is a legitimate and controlled use of system commands. Network requests are confined to the official FamilySearch API domain. The `gedcom_query.py` script is a self-contained parser for local files, with no external dependencies or dynamic code execution. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection against the agent, or obfuscation. Any potential vulnerabilities (e.g., DoS from malformed GEDCOM files, hypothetical server-side path traversal via API parameters) are inherent risks of processing untrusted input or interacting with external services, not indicators of malicious intent within the skill itself.
- External report
- View on VirusTotal