Back to skill
Skillv1.0.0
VirusTotal security
TokPortal · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:56 AM
- Hash
- c084ac40dd7e1af9d662e7ead5f4b7f441614097ebd043c8e5f0eb7fd7064064
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tokportal Version: 1.0.0 The skill is classified as suspicious due to several high-risk capabilities that could be exploited via prompt injection against the AI agent. Specifically, the `upload_video` and `upload_image` tools (described in SKILL.md) allow the agent to upload local files, creating a clear path for data exfiltration if the agent is compromised. Additionally, the `get_account_detail` tool exposes 'Full credentials' for managed accounts, and the reliance on executing an external `npm` package (`tokportal-mcp`) introduces a supply chain risk. While these capabilities align with the stated purpose, their broad access to local files and credentials presents significant vulnerabilities.
- External report
- View on VirusTotal