Back to skill
Skillv1.0.0
VirusTotal security
Lead Scorer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:55 AM
- Hash
- ef1057c1072582a52e74588d6e3028d7f92dacc048316e992584c498e7f8eec9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lead-scorer-pro Version: 1.0.0 The skill is classified as suspicious due to a critical vulnerability in the `get_sheet` function within `SKILL.md`. If the specified Google Sheet does not exist, the code creates a new spreadsheet and immediately shares it with `perm_type="anyone", role="writer"`, making it publicly writable. This could lead to unauthorized data modification or leakage of the lead scoring data, which may contain sensitive business information. While the core functionality of scoring leads and writing to Google Sheets is aligned with the stated purpose, this default public sharing poses a significant security risk.
- External report
- View on VirusTotal