Back to skill
Skillv1.0.0
VirusTotal security
Comms Hub Bridge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:10 AM
- Hash
- 7bf50eaec3086cfbb6366a66276d191212d38dc670f91aff95f2aad1c7d8e9ee
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: comms-hub-bridge Version: 1.0.0 The `scripts/bridge-client.js` file implements an `uploadFile` function that can read and upload any local file specified by its path to the remote Comms Hub server. While intended for 'file sharing' as described in `SKILL.md`, this capability presents a significant data exfiltration risk, as an attacker could prompt the agent to upload sensitive files (e.g., credentials, private keys). This risk is amplified by the `SKILL.md` instruction for the agent to 'process' incoming messages, creating a potential prompt injection vector to misuse the file upload functionality. The configured remote endpoint is `omni-alienware2025.tail2ccb03.ts.net`.
- External report
- View on VirusTotal