Back to skill
Skillv1.0.0
VirusTotal security
Content Research - MCB AI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 5, 2026, 9:01 AM
- Hash
- a4bb47724b585fa292883edc93b6925ea0f0db6f854a1459ee0f38322f928ddb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: content-research-mcbai Version: 1.0.0 The skill instructs the AI agent to read sensitive credentials (TAVILY_API_KEY) directly from the local filesystem (~/.openclaw/.env) and execute arbitrary PowerShell commands via the 'exec' tool to perform network requests to an external API (api.tavily.com). While these actions are functionally aligned with the stated purpose of content research, the use of broad filesystem access and shell execution for secret retrieval and networking is a high-risk pattern. No evidence of intentional exfiltration of unrelated data or malicious persistence was found in SKILL.md or the PowerShell logic.
- External report
- View on VirusTotal