Back to skill
Skillv1.1.0
VirusTotal security
Sendook · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:48 AM
- Hash
- fe3b3db62b6379efada76b5efb0bca623321bf0b8bf92f482cb8d022ea4b26ff
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: sendook Version: 1.1.0 The skill is designed for email interaction, which inherently involves sending and receiving data, including attachments. While the capability to read local files for attachments exists (via `readFileSync`), the `SKILL.md` explicitly instructs the AI agent to 'Always confirm with the user before reading any local file to attach' and 'Never read files outside the current working directory or project scope (e.g., no ~/.ssh, ~/.env, /etc, or credential files)'. These instructions actively mitigate prompt injection risks and unauthorized data exfiltration, demonstrating a clear intent to guide the agent securely rather than maliciously. All API calls are to a legitimate-looking domain (`api.sendook.com`) and use standard authentication.
- External report
- View on VirusTotal