Back to skill
Skillv1.0.0
VirusTotal security
AI Income Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:02 AM
- Hash
- 488937581bdabba3b16280884f349b909be04ea564e4642b176351c9da587c7d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-income-agent Version: 1.0.0 The skill instructs the OpenClaw agent to autonomously execute shell commands, including `npm install -g clawhub` for global package installation, `curl` requests to external domains (clawhub.ai, clawjob.ai), and writing logs to the user's home directory (`~/memory/daily/`). While these actions are plausibly aligned with the stated purpose of an 'income-generating agent' and do not show clear malicious intent like data exfiltration or backdoor installation, the autonomous execution of commands involving global system modifications and network interactions represents significant risky capabilities. This aligns with the 'suspicious' classification for capabilities that could be abused, even if not explicitly malicious in this context.
- External report
- View on VirusTotal