Back to skill
Skillv1.0.0
VirusTotal security
TrustMeImWorking · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 12, 2026, 7:26 AM
- Hash
- 801eff3a94c1ca986beb8ce7cdfa738854e6047ac196f67df0d118a0bbb07339
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: trustmeimworking Version: 1.0.0 The 'trust-me-im-working' skill bundle is designed to artificially inflate AI API usage metrics by automating LLM calls to 'pad' KPIs. It is classified as suspicious due to high-risk capabilities that provide a significant attack surface: specifically, the 'jwt_helper' feature in 'trustmework/engine.py' executes arbitrary user-provided shell commands via 'subprocess.run(shell=True)', and 'trustmework/scheduler.py' contains logic to modify the user's crontab for persistence. While these features are documented as part of its 'work-simulation' daemon functionality, the combination of arbitrary command execution, persistence, and the handling of sensitive API keys makes it high-risk, although no clear evidence of intentional data exfiltration to a third party was found.
- External report
- View on VirusTotal