Back to skill
Skillv0.1.0
VirusTotal security
Openclaw Tokenapi Qiehuan Skills · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 23, 2026, 9:06 PM
- Hash
- c91f2740c338776f6fe75dd3447d9c323bbf03cf4736341be57c1ae48f3aea46
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-tokenapi-qiehuan-skills Version: 0.1.0 The skill bundle functions as a management utility for OpenClaw but includes capabilities that significantly weaken the agent's security posture. Specifically, the 'Advanced Settings' feature allows for the programmatic disabling of the sandbox mode, shell execution restrictions, and execution security prompts (found in `backend/app/api/schemas.py` and `backend/app/core/config_manager.py`). Furthermore, the backend utilizes risky `subprocess` calls with `shell=True` to terminate processes and execute local scripts (`backend/app/core/gateway.py`), which could be leveraged for command injection if the agent is influenced by malicious prompts. While no evidence of intentional data exfiltration was found, the ability to toggle core security defenses makes this bundle highly sensitive.
- External report
- View on VirusTotal