Back to skill
Skillv0.2.0
VirusTotal security
QuantumOS · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:00 AM
- Hash
- 6d95f0a47d1ccb405d2999d825445d482cb8320de1bc1f32ca740940e45cce34
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: quantumos Version: 0.2.0 The skill is classified as suspicious due to two main reasons: 1) The `scripts/setup.sh` file directly accesses and reads the user's `~/.openclaw/openclaw.json` file to extract the `gateway.token`. While this token is used for local configuration (written to `.env.local`), accessing sensitive credentials directly is a high-risk operation that could be exploited if the dashboard itself were compromised. 2) The `SKILL.md` file contains explicit instructions for the AI agent to perform actions like `GET http://localhost:3005/api/mission-control/tasks` and manage tasks, which constitutes prompt injection. Although the objective appears to be legitimate integration with the skill's functionality, this demonstrates a risky capability to directly control the agent's behavior.
- External report
- View on VirusTotal