Skill v0.5.50

VirusTotal security

Skill · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious
Apr 30, 2026, 4:15 AM
Hash
6aac15fb048707db448b69cfa66bb81dc0044cbffe053e16a3df18f8024c281a
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: agenticmail
Version: 0.5.50

This skill is classified as suspicious due to its extensive system-level capabilities and high-risk external interactions. The `scripts/setup.sh` executes `docker compose up -d` and `npx tsx scripts/init-local.ts`, deploying services and running local scripts, which are powerful actions. Furthermore, the `SKILL.md` describes tools like `agenticmail_sms_send` and `agenticmail_sms_read_voice` for SMS communication (including potential OTP interception), and `agenticmail_setup_domain` and `agenticmail_setup_payment` for managing external domains and payments. The `agenticmail_storage` tool also allows raw SQL execution, which could be a SQL injection vulnerability if not properly sanitized. While these capabilities are presented as features for an agentic mail system, they provide significant control over the host and external services, posing a high risk if misused or exploited.