Back to skill
Skillv0.84.0
VirusTotal security
agent-bom discover gcp · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 2:01 AM
- Hash
- e02b51b361f60e1bc2493d4f636576661f20a604ae1b94552d1108909f119758
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-bom-discover-gcp Version: 0.84.0 The skill is designed for GCP resource discovery and inventorying but requires high-risk access to sensitive local authentication files, including `~/.config/gcloud/credentials.db` and `application_default_credentials.json`. While the `SKILL.md` documentation includes security guardrails (e.g., prohibiting the printing of tokens) and the behavior is aligned with the stated purpose, the explicit targeting of raw credential databases for automated processing is a high-risk capability that warrants caution.
- External report
- View on VirusTotal