Back to skill
Skillv1.0.0
VirusTotal security
Email Extractor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:13 AM
- Hash
- a19b00bb4d50980990715e54a7af12af654156418b1e3056cbd4f3922987b2ed
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: email-extractor Version: 1.0.0 The skill performs email extraction from text or URLs as described, but it is classified as suspicious due to the risk of Server-Side Request Forgery (SSRF) in handler.py, where requests.get() fetches user-provided URLs without destination filtering. Additionally, SKILL.md contains a hardcoded API key (sk_93c5...) that is not utilized in the code, and the handler hardcodes a 'paid' status, which is inconsistent with the stated USDT pricing model.
- External report
- View on VirusTotal