Back to skill
Skillv1.0.0
VirusTotal security
Hinge Auto-Liker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:30 AM
- Hash
- 995fbdb03b63ec1a8dcb9aadc04743cd8000090902036126b491a334f347d382
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hinge-liker Version: 1.0.0 The skill is designed to automate Hinge interactions using an Android emulator, `adb`, and Google Gemini AI. While its core functionality aligns with the description, it is classified as suspicious due to the extensive use of powerful `adb` commands (screen recording, file pulling, UI interaction) and `curl` for sending data (including `GEMINI_API_KEY` and screenshots) to an external API. Additionally, the `SKILL.md` provides a security anti-pattern by instructing users to 'Hardcode GEMINI_API_KEY in the cron payload' for scheduling, which could expose the API key. These capabilities, while necessary for the skill, present a high-risk attack surface if the skill were compromised or misused, even without clear evidence of intentional malice in the provided code.
- External report
- View on VirusTotal