Back to skill
Skillv1.0.1
VirusTotal security
xpull · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 5:51 AM
- Hash
- 5c662a36335923fba0a757f0bd40b3d2a1181dcce7d32a18a3659edd9c1ccb7f
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: xpull Version: 1.0.1 The xpull skill bundle provides legitimate utilities for fetching Twitter/X content using the FxTwitter public API and the xAI Grok API. The scripts (fx-fetch.mjs and grok-x-search.mjs) use standard Node.js HTTPS modules to communicate with official or well-known endpoints (api.fxtwitter.com and api.x.ai) and include a local state management system (.grok-state.json) to enforce daily usage caps. There is no evidence of data exfiltration, unauthorized execution, or prompt injection attempts.
- External report
- View on VirusTotal