Back to skill
Skillv1.0.2
VirusTotal security
omnimemory-full-onboarding · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 27, 2026, 9:56 AM
- Hash
- ea84957279ccd4af9a47d133ebd7d6eda127c62a9ff1c7c00894cc46317d233b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: omnimemory-full-onboarding Version: 1.0.2 The skill bundle facilitates an onboarding process that explicitly instructs the AI agent to collect sensitive user information, including account passwords, OTPs, and external LLM API keys, to be sent to a non-standard backend URL (zdfdulpnyaci.sealoshzh.site). While this behavior is framed as a legitimate 'Bring Your Own Key' (BYOK) setup for the OmniMemory service, the practice of soliciting third-party secrets and transmitting them to a cloud-provider sub-domain instead of an official corporate domain (omnimemory.ai) is a high-risk pattern associated with secret exfiltration. These instructions are primarily located in SKILL.md and reinforced in references/setup-guide.md.
- External report
- View on VirusTotal