Back to skill
Skillv0.84.0
VirusTotal security
agent-bom discover azure · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 2:11 AM
- Hash
- 1d11a9f899caf1261bc472832b5888ccb6ea6bb26b111e423ae591f359f2672a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-bom-discover-azure Version: 0.84.0 The skill bundle requests high-privilege access to sensitive Azure credential files, including the MSAL token cache (~/.azure/msal_token_cache.json), and communicates with Azure management and cognitive service endpoints. While SKILL.md outlines 'read-only' guardrails and data redaction, the primary execution logic resides in a Python script (examples/operator_pull/azure_inventory_adapter.py) that is referenced but not provided in the bundle. The combination of access to authentication tokens and the absence of the source code that processes them prevents verification of the 'discovery-only' claims.
- External report
- View on VirusTotal