Back to skill
Skillv3.6.7
VirusTotal security
☤CaduceusMail · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:14 AM
- Hash
- fcff942757cd022fc8ded1746d43d87e98bee82a9683836b9cb49fd5a97998a6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: caduceusmail Version: 3.6.7 The skill manages high-privilege enterprise infrastructure (Microsoft 365/Entra and Cloudflare DNS), requiring sensitive credentials such as ENTRA_CLIENT_SECRET and CLOUDFLARE_API_TOKEN. While the implementation demonstrates excellent security hygiene—including integrity verification of the vendored 'caduceusmail-3.6.7.tgz' in 'scripts/ensure-caduceusmail.sh' and strict environment isolation using 'env -i' in 'scripts/run.sh'—the inherent capability to mutate DNS records and mail configurations is classified as a high-risk capability.
- External report
- View on VirusTotal