Back to skill
Skillv0.2.0
VirusTotal security
synapse · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:27 AM
- Hash
- 3fd43eb16791f5c50f2fa7bec12f12618b863268a614927d68a7223676bb9134
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 4 The skill is classified as suspicious due to its inherent P2P file-sharing nature, which involves downloading arbitrary files from external sources. While the `src/assimilation.py` module implements robust safety checks against prompt injection, data exfiltration, and code execution, the `download_memory_shard` tool in `skill.json` does not directly integrate these checks into the download process, leaving a potential gap where an agent could download unverified content. Additionally, the skill makes external network calls to a hardcoded tracker domain (`http://hivebraintracker.com:8080`) for search and registration, and the `SKILL.md` instructs users to execute `curl -LsSf https://astral.sh/uv/install.sh | sh` for dependency installation, both of which introduce supply chain risks.
- External report
- View on VirusTotal