Back to skill
Skillv1.1.0
VirusTotal security
Smart Home Unified · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:22 AM
- Hash
- cd44db436d8d804a06ea751c3bb2cef653d112708c8d52819e146dae5f749454
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: smart-home-unified Version: 1.1.0 The skill bundle is classified as suspicious due to its request for highly sensitive credentials, including full account passwords for Xiaomi and Apple ID (HomeKit), rather than restricted API tokens or OAuth. The code in 'platforms/xiaomi.js' and 'platforms/homekit.js' consists mostly of stubs and placeholders (TODOs), contradicting claims in 'SKILL.md' and 'README.md' that 'real API integration' is implemented. Furthermore, the bundle includes an excessive amount of verbose, likely AI-generated documentation (e.g., 'MARKETING_PLAN.md', 'PUBLISH_REPORT.md') that serves no functional purpose and may be intended to create a false sense of legitimacy for a 'credential-catching' shell.
- External report
- View on VirusTotal