Back to skill
Skillv1.0.0
VirusTotal security
Omnium Hub CRM · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:25 AM
- Hash
- d608e866ae6b5de95ec026210eec46f9a0c9b5f8830198195332a1eb00f5b92b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: omnium-hub-crm Version: 1.0.0 The skill is designed for legitimate CRM interaction, but it handles the Omnium Hub API Key in a vulnerable manner. The `SKILL.md` instructs the AI agent to pass the API key directly as a command-line argument to `scripts/omnium_client.py`. This practice exposes the sensitive API key in process lists, shell history, and agent logs, which is a significant information exposure vulnerability, classifying it as suspicious rather than benign. There is no evidence of malicious intent such as data exfiltration to unauthorized endpoints, persistence mechanisms, or prompt injection attempts against the agent.
- External report
- View on VirusTotal