Back to skill
Skillv1.0.0
VirusTotal security
jj · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:07 AM
- Hash
- 4451d72ec9af46160c7ddb01491a0c664a49ed8d940108493c60f59085cb37b4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tt Version: 1.0.0 The skill bundle is classified as suspicious due to the inherent high-risk capability of the `wacli` tool to send arbitrary files from the agent's environment via WhatsApp, as demonstrated by the `wacli send file` command in `SKILL.md`. While the `SKILL.md` includes safety instructions for the agent (e.g., 'Require explicit recipient + message text', 'Confirm recipient + message before sending') which mitigate direct prompt injection for unauthorized actions, the underlying capability for broad file access and exfiltration through WhatsApp remains a significant risk.
- External report
- View on VirusTotal