Back to skill
Skillv0.2.1
VirusTotal security
Ai Course Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:13 AM
- Hash
- af25c902c87e6e72aaa9786f6ae980ab638be66e99f05ee16f543a7829101ff0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-course-agent Version: 0.2.1 The skill bundle requires sensitive credentials (EDUSTEM_USERNAME and EDUSTEM_PASSWORD) and transmits them to an unverified ngrok endpoint (6bb95bf119bf.ngrok-free.app) in src/edustem-api.ts, which is a common pattern for credential harvesting. Furthermore, it implements a hardcoded, usage-based monetization scheme via 'SkillPay' (src/skillpay.ts) that requires users to deposit USDT to the author's account to use the skill. While the behavior is documented in the README.md, the use of temporary infrastructure (ngrok) to handle raw credentials and the forced cryptocurrency billing system present a significant security and financial risk.
- External report
- View on VirusTotal