Back to skill
Skillv1.0.0
VirusTotal security
kmong · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:46 AM
- Hash
- 7515d335d94456e9a545b455ca8b461a69e04c0e18d8a81c1fe8f5b2e972de4d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: kmong Version: 1.0.0 The skill is classified as suspicious due to its instructions for handling highly sensitive Personally Identifiable Information (PII) such as name, birthdate, phone number, and the 7th digit of a Social Security Number during identity verification. Additionally, it instructs the agent to access email credentials from `~/.secrets/kmong.env`, a local file, and extensively uses the powerful `evaluate` command for direct DOM manipulation. While these capabilities are presented as necessary for the stated purpose of automating Kmong registration, they introduce significant attack surface and data handling risks, even without explicit instructions for malicious exfiltration or unauthorized actions within the `SKILL.md` file.
- External report
- View on VirusTotal