Back to skill
Skillv0.9.2
VirusTotal security
Multi User Privacy · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:57 AM
- Hash
- 4525a63cbd1f0b7fad33e042455b52eaa2c5974c2574475bc9e858c53c3f0878
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: multi-user-privacy Version: 0.9.2 The bundle implements an extensive multi-user management system but utilizes highly intrusive and insecure methods. Key concerns include 'scripts/auto-inject.js', which monkey-patches the core Node.js 'fs' module to intercept all file read/write operations, and 'scripts/inject-hook.js', which automatically modifies the main application entry points (e.g., main.js) to insert global hooks. Additionally, 'web-admin/server.js' launches a web server on port 3456 that lacks any authentication mechanism, potentially allowing unauthorized network users to manage user quotas and sub-agents. While these features support the stated goal of privacy enforcement, the combination of intrusive system modifications and significant security vulnerabilities warrants a suspicious classification.
- External report
- View on VirusTotal