Back to skill
Skillv1.0.1
VirusTotal security
Direct Analysis · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:04 AM
- Hash
- 3d690b9759cc9c5058f1742335fe0ff72955582b8169d20c084bf2f455697c75
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: direct-analysis Version: 1.0.1 The skill declares a dependency on `curl` in `SKILL.md`, granting it network access capabilities. Additionally, it explicitly states its intention to use `YANDEX_TOKEN` and `CLIENT_LOGIN`, which are sensitive credentials. While these capabilities might be necessary for the stated purpose of analyzing Yandex.Direct campaigns, the combination of network access and credential handling, without the actual code to verify its benign usage, represents a significant attack surface and potential for data exfiltration or unauthorized actions if the underlying implementation were malicious or vulnerable. This falls under 'risky capabilities without clear malicious intent'.
- External report
- View on VirusTotal