Back to skill
Skillv0.1.0
VirusTotal security
Bambu Lab · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:34 AM
- Hash
- 4fd62cd197dfd082c7bc44fceb1f7a3947d053ab7bead0a934fa4aa9d2036ebf
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bambu-lab-skill Version: 0.1.0 The skill is classified as suspicious primarily due to the use of `ssl.CERT_NONE` and `tls_insecure_set(True)` in `scripts/bambu.py` and `scripts/bambu_monitor.py`. This disables TLS certificate verification for MQTT communication, making it vulnerable to Man-in-the-Middle attacks, even on a local network. Additionally, `scripts/bambu_monitor.py` attempts to read the `TELEGRAM_BOT_TOKEN` environment variable, which is sensitive, although the actual external Telegram API call for exfiltration is not implemented in the provided code (it uses OpenClaw's internal notification mechanism instead). These are risky capabilities without clear malicious intent, aligning with the 'suspicious' classification.
- External report
- View on VirusTotal