Back to skill
Skillv1.0.0
VirusTotal security
Delivery Notifier · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:17 AM
- Hash
- b375623b21a7542a2e5561661cd73cfa7a04988925440bb3ac9fa67e62411d13
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: delivery-notifier Version: 1.0.0 The skill accesses a user's Gmail inbox to extract delivery information and sends it to a hardcoded WhatsApp number (+40746085791) via the openclaw messaging API. While SKILL.md mentions this number and advises customization, hardcoding a specific recipient for data parsed from private emails is a high-risk pattern. The script (delivery_notifier.py) requires GMAIL_APP_PASSWORD credentials and processes email bodies, posing a significant privacy risk if the user fails to update the target recipient.
- External report
- View on VirusTotal