Back to skill
Skillv1.1.0
VirusTotal security
Monkeytype Tracker and Advisor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:16 AM
- Hash
- a4783ee0e0b8d600babff1ca9bc71317b048def4becf0b918be0d8b5117065bc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill Suspicious High-Entropy/Eval files: 1 The skill is classified as suspicious primarily due to its instruction to the OpenClaw agent to create cron jobs for automated reports, as detailed in `SKILL.md` (Step 3: Finalize Setup). While the stated purpose of these cron jobs is benign (daily/weekly reports), the capability to create scheduled tasks on the system is a high-risk operation that could be leveraged for persistence or unauthorized command execution if the agent or skill were compromised. Additionally, the skill instructs the agent to save the user's Monkeytype ApeKey to `~/.openclaw/workspace/config/monkeytype.json`, which, while necessary for functionality, involves writing a sensitive secret to disk, increasing the attack surface if the file permissions are not secure or the system is compromised. No direct evidence of intentional malicious behavior like exfiltration to unauthorized domains or obfuscated payloads was found.
- External report
- View on VirusTotal