Back to skill
Skillv1.0.0
VirusTotal security
us3-uploader-encrypted · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:15 AM
- Hash
- 55b6c723223e5a5633810e0b06f04b9d443d6fc49cbe0de99847d5ab0bd395e1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: us3-uploader-encrypted Version: 1.0.0 The skill bundle provides a utility to exfiltrate files from the local sandbox to UCloud US3 storage. While this aligns with its stated purpose, `SKILL.md` contains aggressive, imperative instructions forcing the AI agent to upload all file outputs, which could be leveraged to exfiltrate sensitive data. Furthermore, `scripts/upload_to_us3.py` uses `os.system` to install the `ufile` SDK at runtime, which is a risky execution pattern that could be exploited if the package name were manipulated.
- External report
- View on VirusTotal