Back to skill
Skillv0.1.5
VirusTotal security
Scrape Emails By URL · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:49 AM
- Hash
- 850c5ca6ee0501edf6c5b7e97526823ffbeb27ec02b36585ed22ecc51ad257e7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: find-emails Version: 0.1.5 The skill is classified as suspicious primarily due to the explicit allowance of the `Shell` tool in `SKILL.md`. While the Python script (`scripts/find_emails.py`) itself appears benign and performs its stated purpose of web crawling and email extraction without direct malicious code or obvious shell injection vulnerabilities, the `Shell` permission grants the AI agent the capability to execute arbitrary commands. This creates a significant attack surface for prompt injection against the agent, even if the skill's own instructions do not explicitly direct malicious shell usage. The 'Use Case Example' in `SKILL.md` also contains marketing links (e.g., socialcrow.co) which, while not malicious code, are unusual and spammy for a skill description.
- External report
- View on VirusTotal