Back to skill
Skillv1.0.0
VirusTotal security
Lead Scorer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:00 AM
- Hash
- b7ba25c41d11f02500eecee3882ce66df7ad22505e304a391d8b0bcf0bb3fd66
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lead-scorer-free Version: 1.0.0 The skill is classified as suspicious due to significant security vulnerabilities in `scripts/score_lead.py`. It disables SSL/TLS certificate verification (`ssl.CERT_NONE`, `check_hostname = False`) when fetching URLs, making it vulnerable to Man-in-the-Middle attacks. Furthermore, the script allows reading arbitrary local files via the `--profile` and `--csv` arguments, and writing to arbitrary local files via the `--output` argument. While there is no evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or persistence mechanisms, these vulnerabilities could be exploited by a malicious actor providing input to the skill or by an inadequately sandboxed OpenClaw agent.
- External report
- View on VirusTotal