Back to skill
Skillv1.0.0
VirusTotal security
Lead List Builder Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 4:54 AM
- Hash
- 2a4cbb60cb711fb729f157f8f3155e6253a5e5e7e72139bbc8e0d997b5087ab5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lead-list-builder Version: 1.0.0 The skill requires access to multiple sensitive API keys (Serper, PageSpeed, Hunter, DataForSEO) and Google service account credentials (`GOOGLE_CREDS_FILE`) with Editor access to Google Sheets and Drive, as detailed in `SKILL.md` and `references/setup-guide.md`. While these broad permissions are plausibly needed for the stated purpose of building a lead list and writing to a Google Sheet, they represent significant high-risk capabilities. The instructions for the AI agent in `SKILL.md` are clear and do not contain any prompt injection attempts or explicit malicious intent, but the inherent risk associated with handling such sensitive credentials and broad API access warrants a 'suspicious' classification.
- External report
- View on VirusTotal