Back to skill
Skillv1.6.1
VirusTotal security
Health Management · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:17 AM
- Hash
- d6902e9e581de75ea4ef2639011eb7a43852135e8784bda3e502d5321b204603
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: health-score-pro Version: 1.6.1 The skill bundle requests high-risk permissions, including shell execution (`exec`) and direct access to sensitive credential directories such as `~/.ssh/` and `~/.gitconfig`. While these are documented as necessary for an optional GitHub backup feature, they represent a significant attack surface for credential theft or unauthorized remote access. Furthermore, the file `scripts/backup-to-github.sh` contains malformed and syntactically broken shell logic, which is a red flag for poor code quality or potential tampering. Although the documentation is transparent about its functionality, the combination of high-privilege access and script execution capabilities makes this bundle suspicious.
- External report
- View on VirusTotal