Back to skill
Skillv1.0.0
VirusTotal security
clawquest-chat-agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:36 AM
- Hash
- d490d168cbaf3f460b092587f8536ba53a3de57fd2d8c1c1c0c56ac4a20eedb2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawquest-chat-agent Version: 1.0.0 The skill bundle is classified as suspicious because SKILL.md instructs the agent to establish persistence via cron jobs using scripts (scripts/update-checker.js and scripts/cronjob-manager.js) that are missing from the provided files. These instructions include a 'Skill Update Check' designed to run silently every 6 hours, which is a high-risk behavior often associated with unauthorized self-updating or supply chain attacks. Additionally, the _meta.json file contains an anomalous future-dated timestamp (March 2026).
- External report
- View on VirusTotal