Back to skill
Skillv1.0.0
VirusTotal security
Skill Hub · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 3:34 AM
- Hash
- eac05d85f3e17f4ce5e52be9955ef130b92ba3a3e62368362fd8b4e2249a519b
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: skill-hub Version: 1.0.0 The skill is classified as benign. Its core purpose is skill discovery, security vetting, and installation, which inherently requires broad permissions like Bash, Read, and Write, and the use of subprocess calls to `gh` (GitHub CLI) and `npx clawhub` (OpenClaw registry CLI). The `skill-hub-security-patterns.py` file explicitly defines patterns for detecting malicious activities, indicating a security-conscious design. All external network calls are to expected and legitimate sources (e.g., `raw.githubusercontent.com` for the awesome list). There is no evidence of intentional harmful behavior such as credential theft, data exfiltration to arbitrary endpoints, persistence mechanisms, or prompt injection attempts against the agent.
- External report
- View on VirusTotal