Back to skill
Skillv1.0.0
VirusTotal security
ohmyopenclaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:44 AM
- Hash
- 4b53cf7e0edc67be1a87018f606d887495f80e998c237a9d8863b6c19ee34077
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ohmyopenclaw Version: 1.0.0 The skill bundle is classified as suspicious due to its extensive use of high-risk capabilities, including direct shell command execution, modification of the agent's core configuration (`openclaw.json`), creation of executable scripts (`check-costs.sh` in `guides/cost-optimization.md`), and instructions to create/modify sensitive files like `~/.openclaw/.env` (in `guides/chinese-providers.md`). Furthermore, `guides/monitor.md` configures autonomous scheduled tasks (cron jobs) for the AI, enabling it to perform actions without direct user prompting. While these actions are presented as legitimate configuration steps for an AI agent, they represent significant vulnerabilities if the skill bundle were malicious or if the agent were susceptible to prompt injection, as they grant broad control over the system and the agent's behavior. There is no clear evidence of intentional malicious behavior (e.g., data exfiltration, backdoors) within the provided files, but the inherent power and potential for misuse make it suspicious.
- External report
- View on VirusTotal