Back to skill
Skillv1.0.0
VirusTotal security
Strava Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 27, 2026, 3:34 AM
- Hash
- bc0d73180180abcef4119931e784aec471f6dc22a46fe617b558e578e7ae82bc
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: strava-skill Version: 1.0.0 The skill bundle is benign. It provides instructions and API endpoints for an AI agent to interact with the Transition API to access Strava data. All network calls are directed to the legitimate `api.transition.fun` domain, and the `TRANSITION_API_KEY` is used as expected for authentication. There is no evidence of data exfiltration, malicious execution (e.g., `curl|bash`), persistence mechanisms, or prompt injection attempts designed to subvert the agent's intended behavior in `SKILL.md` or `README.md`. The 'Tips for Agents' section in `SKILL.md` offers functional guidance for using the API, not malicious instructions.
- External report
- View on VirusTotal