Skill v0.1.0
VirusTotal security
Forgejo · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 3:34 AM
- Hash: d103d63a28e970201e4001cf2429069b78a2f969e23a610f45c2c7cd5068c5a4
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: forgejo; Version: 0.1.0. The skill is classified as suspicious due to the explicit inclusion of instructions in `SKILL.md` for listing repository secrets (`tea actions secrets list`). While this is a legitimate command of the `tea` CLI and there is no clear evidence of intentional malicious behavior like exfiltration or misuse within the provided files, exposing the capability to list sensitive repository secrets to an AI agent represents a significant high-risk capability. This increases the attack surface for potential misuse or unintended exposure if the agent were to be compromised or given a crafted prompt.
