Back to skill
Skillv1.0.1
VirusTotal security
Sport Mode · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:33 AM
- Hash
- d3d7b06194a5e7d1ab8cc5f3d702188dc7db6bb1902e74a7ef2e41e0370f751f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: sport-mode Version: 1.0.1 The skill is classified as suspicious due to its powerful capabilities and the significant attack surface it exposes. It modifies the OpenClaw agent's configuration (`~/.openclaw/openclaw.json`) using `openclaw config set` to alter its heartbeat frequency (scripts/sport-mode.sh). More critically, the skill writes user-provided task instructions directly into `HEARTBEAT.md`, and the documentation (SKILL.md, README.md) explicitly confirms that the OpenClaw agent is designed to parse and execute commands embedded within this file (e.g., `run: \`command\``). This makes the skill a direct conduit for user-supplied prompt injection, enabling the execution of arbitrary commands by the agent. While these capabilities are central to the skill's stated purpose, they represent high-risk behaviors without clear malicious intent from the skill itself, fitting the 'suspicious' threshold.
- External report
- View on VirusTotal