Skillv1.0.3

VirusTotal security

MoreLogin · External malware reputation and Code Insight signals for this exact artifact hash.

BenignApr 30, 2026, 4:36 AM

Hash: 374ff7a8afd7350056793dc423be74a7e4f5a7610ce2f282d0a32b4aa036c319
Source: palm
Verdict: benign
Code Insight: Type: OpenClaw Skill Name: morelogin Version: 1.0.3 The skill is designed to manage MoreLogin anti-detect browser profiles and cloud phones through their official local API (http://127.0.0.1:40000). All network communication from the skill's core logic (`bin/morelogin.js`, `bin/common.js`, `bin/cloudphone-commands.js`) is directed to this local loopback address. Crucially, the `SKILL.md` and `bin/morelogin.js` explicitly state that the `cloudphone exec` command, which could execute arbitrary shell commands on cloud phones, has been removed from this skill. Furthermore, input validation (e.g., regex for `packageName` in `bin/cloudphone-commands.js`) is present to prevent injection. The documentation also includes clear security instructions for the AI agent, such as not exposing sensitive data and adhering to execution guardrails. While `adb` is a required binary, its use is mediated by the MoreLogin local API, and the skill itself does not directly expose raw `adb` command execution to user input. There is no evidence of intentional harmful behavior, data exfiltration to external endpoints, or persistence mechanisms.
External report: View on VirusTotal