Back to skill
Skillv1.0.0
VirusTotal security
clawshop · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:00 AM
- Hash
- 929c53796ef2ab66046e38f19c5df41b73288bb8b74656b954dc412d8d87ee0f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawshop Version: 1.0.0 The `SKILL.md` file instructs the AI agent to execute shell commands (`curl`, `jq`, `printf`, `chmod`, `cat`) to interact with an external API at a hardcoded IP address (82.156.31.238) and manage an API token file (`./.clawshop_token`). While these actions are aligned with the skill's stated purpose, the direct instruction to execute arbitrary shell commands and perform external network calls represents a high-risk capability. This capability, if exploited, could lead to remote code execution or data exfiltration, making the skill suspicious due to the inherent vulnerability in allowing such direct command execution via markdown instructions, even without explicit malicious intent in this specific instance.
- External report
- View on VirusTotal