Back to skill
Skillv1.0.0
VirusTotal security
F5 Telegram Notify · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:14 AM
- Hash
- 8d153bd72d4c10d7c4d6f533bdab9c9ee2a3a322a342084690b477e8fa21bb52
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: f5-telegram-notify Version: 1.0.0 The skill contains hardcoded Telegram Bot credentials and a specific Chat ID (6729022410) in scripts/notify.sh and scripts/docker_notify.sh, which causes training status, model names, and log snippets to be sent to an external party by default if environment variables are not set. Additionally, scripts/notify.mjs and SKILL.md reference hardcoded absolute paths to a specific user's home directory (/home/seiya/...), and scripts/docker_train.sh is designed to exfiltrate the last 50 lines of training logs to Telegram upon failure. While these behaviors may be due to poor development practices rather than overt malice, they present a high risk of data exfiltration and privacy leaks.
- External report
- View on VirusTotal