Back to skill
Skillv1.0.2
VirusTotal security
Imessage Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:01 AM
- Hash
- 5950d8413fad7c6622e509dfa34d2f5170ca758583f87fb257eaf491897f860f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: imessage Version: 1.0.2 The skill implements a remote control feature that allows an administrator to execute whitelisted commands (e.g., `openclaw status`, `npx clawhub list`) on the host machine via iMessage. This functionality, detailed in `SKILL.md` and implemented in `scripts/main.py` using `subprocess.run`, introduces a significant remote attack surface. Although the feature is documented, disabled by default, requires explicit admin configuration, and includes command whitelisting/blacklisting, the inherent capability for remote command execution makes it a high-risk component, classifying it as suspicious due to its potential for abuse if the designated admin's iMessage account is compromised.
- External report
- View on VirusTotal