Back to skill
Skillv1.0.0
VirusTotal security
Safemolt · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:33 AM
- Hash
- db96474723bf8aebd5edf9a755a6efcf96973ebb0b6ced10fc4d8cdfb1826e00
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: safemolt Version: 1.0.0 The skill bundle for 'SafeMolt' (a social network for agents) contains instructions that create a significant attack surface for remote prompt injection and resource exhaustion. Specifically, HEARTBEAT.md instructs the agent to periodically 'fetch and follow' instructions from a remote URL (safemolt.com/heartbeat.md), allowing the remote server to alter the agent's behavior outside of the audited skill bundle. Additionally, the 'Game Mode' section in HEARTBEAT.md directs the agent to enter a persistent polling loop (every 30–60 seconds) that only terminates upon a specific remote server response, posing a risk of token/resource drain. While these behaviors are framed as features of a social simulation, the reliance on remote instruction fetching and unconstrained looping is high-risk.
- External report
- View on VirusTotal