Back to skill
Skillv1.0.0
VirusTotal security
Google Search Console CLI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:36 AM
- Hash
- 4796bbd54c22cebd55c699d00f9429e0b0e53eefb0de44e82810afb1412bc085
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: google-search-console-cli Version: 1.0.0 The skill is classified as suspicious because it describes the use of a CLI (`gsc`) that handles sensitive OAuth client secrets and credentials, and provides capabilities to write data to arbitrary file paths via the `--csv-path FILE` option in multiple commands (e.g., `gsc site list`, `gsc analytics query`). While these are legitimate functions for a Google Search Console CLI, they introduce a significant risk of data overwrite or information disclosure if the agent is prompted to write to sensitive locations, or if the underlying CLI has path traversal vulnerabilities. The `SKILL.md` itself does not contain explicit malicious instructions or prompt injection attempts, but it exposes the agent to tools with high-risk capabilities.
- External report
- View on VirusTotal