Back to skill
Skillv1.9.72
VirusTotal security
Wip Ai Devops Toolbox Private · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:55 AM
- Hash
- 020012008a29cfba8a9e36fbe8fddb04119238b3e03db44802640765d21600f3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wip-ai-devops-toolbox Version: 1.9.72 The bundle provides a suite of high-privilege DevOps and automation tools that include extremely intrusive capabilities. Most notably, 'ai/repos/gstack-private/browse/src/cookie-import-browser.ts' contains logic to programmatically decrypt and extract session cookies from multiple macOS browsers (Chrome, Arc, Brave, Edge, Comet) by querying the system Keychain for passwords and decrypting local SQLite databases. While documented as a feature for the 'browse' automation tool, this functionality poses a severe risk of credential theft. Furthermore, the bundle installs multiple 'hooks' (e.g., 'tools/wip-branch-guard/guard.mjs' and 'tools/wip-file-guard/guard.mjs') that intercept and block shell commands and file edits, and 'tools/wip-release/core.mjs' programmatically retrieves npm tokens from 1Password. While these features align with the stated goal of an AI-native DevOps environment, the combination of session hijacking, secret access, and command interception creates a massive attack surface.
- External report
- View on VirusTotal