Back to skill
Skillv1.5.0
VirusTotal security
Roster · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:02 AM
- Hash
- 0491822d89b1bd3ae19e416c396cc85b2d584ec61cd19a489fb61802ad5c10c6
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: roster Version: 1.5.0 The 'roster' skill is a legitimate tool designed to manage shift schedules by synchronizing CSV data with a GitHub repository. It utilizes a set of shell scripts (e.g., push-to-github.sh, get-employees.sh) to interact with the GitHub API, and the SKILL.md provides detailed, context-specific instructions for the AI agent to handle complex business logic like minor protection and trainer assignments. While the skill requires sensitive environment variables (GITHUB_TOKEN) and handles employee PII, the implementation uses defensive coding practices (such as using Python for safe JSON/Base64 processing within shell scripts) and the documentation explicitly emphasizes security best practices, including the use of private repositories and fine-grained access tokens.
- External report
- View on VirusTotal