Back to skill
Skillv1.0.0
VirusTotal security
Fathom · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:01 AM
- Hash
- 515d9995f823cb2af3f097dfe8ba84dd7e62ca92e989375fb04fe13ff67beb05
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: fathom Version: 1.0.0 The OpenClaw AgentSkills skill bundle for Fathom AI appears benign. All scripts (`get-summary.sh`, `get-transcript.sh`, `list-calls.sh`, `search-calls.sh`, `setup-webhook.sh`, `setup.sh`) consistently interact with the legitimate Fathom AI API (`https://api.fathom.ai/external/v1`) using `curl`. API keys are handled securely by reading from `FATHOM_API_KEY` environment variable or `~/.fathom_api_key`. There is no evidence of data exfiltration to unauthorized endpoints, malicious command execution (e.g., `curl|bash`), persistence mechanisms, or prompt injection attempts against the agent in `SKILL.md` or other files. The `setup-webhook.sh` script allows registering webhooks to user-provided URLs, which is a legitimate feature and not indicative of malicious intent by the skill itself.
- External report
- View on VirusTotal