Back to skill
Skillv1.0.0
VirusTotal security
Android Smssdk Integration · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 8:41 AM
- Hash
- 7c500216e647fd947e24527e77915d0ab9affc8ac70061d897e241f717648937
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: android-smssdk-integration Version: 1.0.0 The skill bundle automates the integration of the MobTech SMSSDK into Android projects by executing local Python scripts, modifying project build files (Gradle), and running shell commands (./gradlew). While these actions are consistent with the stated purpose, the SKILL.md instructions direct the agent to execute shell commands using a user-provided project path without explicit sanitization, creating a potential shell injection vulnerability. No evidence of intentional malice, such as data exfiltration of the requested API keys (AppKey/AppSecret), was found.
- External report
- View on VirusTotal