Back to skill
Skillv1.0.2
VirusTotal security
Вконтакте - публикация постов, фото и видео. Диалоги с посетителями. NodeJS · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:18 AM
- Hash
- 32249474e3bb48b42c7b241bc1954eae026973cf1a34c703b66ed48a55ea5b12
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: vk Version: 1.0.2 The skill is classified as suspicious due to its requirement for a highly privileged and permanent VK User Token (with `wall,groups,photos,video,messages,offline` scopes) and its direct file system and network access capabilities, even though these are plausibly needed for its stated purpose of VK community management. While the code itself (`scripts/vk_cli.js`) and documentation (`SKILL.md`, `references/api.md`) do not show clear evidence of intentional malicious behavior or prompt injection attempts against the agent, the broad permissions and access granted by the skill present a significant risk if the agent or token were compromised or misused.
- External report
- View on VirusTotal