Back to skill
Skillv1.0.0
VirusTotal security
Larry · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:06 AM
- Hash
- 0fd445b583e663345324047dd1561478966d5fbf9f372a4b6b67506a334c80c1
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: larry Version: 1.0.0 The OpenClaw AgentSkills bundle 'larry' is designed for TikTok marketing automation, utilizing external APIs for image generation (OpenAI, Stability AI, Replicate), posting/analytics (Postiz), and optional conversion tracking (RevenueCat). The `SKILL.md` provides detailed instructions for the AI agent, guiding it through conversational onboarding, competitor research, content generation, and setting up a daily analytics cron job. All external API calls are to legitimate services, and file system operations are confined to the skill's working directory for configuration, images, and reports. While `JSON.parse` operations in scripts like `add-text-overlay.js`, `competitor-research.js`, and `generate-slides.js` could be theoretical vulnerabilities if an attacker could control the input JSON files, the skill's design implies these files are managed by the agent itself based on user interaction, not directly exposed to arbitrary untrusted input. There is no evidence of intentional harmful behavior, data exfiltration, unauthorized remote control, or persistence mechanisms beyond the stated daily cron for analytics. The instructions for the agent are consistently aligned with the stated marketing purpose, without any prompt injection attempts to subvert the agent's core directives or compromise the system.
- External report
- View on VirusTotal