Back to skill
Skillv3.0.1
VirusTotal security
Subagent Distiller · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:19 AM
- Hash
- 586d70278b25513f73b164dd0f052fa9113fbd9d638c7cb302405f27d7be8a9e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: subagent-distiller Version: 3.0.1 The skill bundle contains hardcoded absolute paths to a specific user's home directory (`/home/aqukin/`) across all core Python scripts, including `bulk_cleanup.py`, `realtime_distill.py`, and `incremental_slice.py`. While the logic for scanning session logs and extracting structured knowledge appears functional and aligned with the stated purpose, the reliance on fixed, user-specific paths is a significant security risk and suggests the code was not properly generalized for public use. No clear evidence of data exfiltration or intentional malice was found, but the hardcoded environment and broad file manipulation capabilities make it suspicious.
- External report
- View on VirusTotal