Back to skill
Skillv1.0.0
VirusTotal security
Pub Clawddocs · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:57 AM
- Hash
- 21008636a69744dfa64f9754124ecf26a8c57e85ea786cf1cddb14217f8b0562
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawddocss Version: 1.0.0 The skill bundle acts as a wrapper for the 'SkillBoss' API (heybossai.com), which claims to provide access to high-risk tools like SMS verification, email sending, and web scraping. A significant red flag is the inclusion of non-existent or unreleased models (e.g., 'openai/gpt-5', 'bedrock/claude-4-6-opus', and 'vertex/gemini-3'), which may serve as a deceptive lure to collect user API keys. Additionally, the documentation frequently references an external script 'run.mjs' that is not included in the bundle, making the intended execution flow opaque and potentially unsafe.
- External report
- View on VirusTotal