Back to skill
Skillv0.1.3
VirusTotal security
NxtSecure-openclaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:22 AM
- Hash
- c4250677b8869bdea2fa60d805cea81fc3eefae7b928fa23e4680e6f3520abca
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: nxtsecure-openclaw Version: 0.1.3 The skill bundle implements an automated security audit and remediation suite that performs high-risk system modifications, including disabling SSH password authentication, changing SSH ports, modifying firewall rules, and stopping Docker containers (scripts/openclaw_security_audit.sh). It establishes persistence via a nightly root cron job (scripts/install_cron.sh) and instructs the agent to install an external global npm package (nxtsecure-openclaw). While SKILL.md includes safety guidance to prevent user lockout and requires consent for file uploads to VirusTotal, the automated execution of privileged system changes and the use of browser-based automation for security checks represent a high-risk capability set that could be used for system disruption or unauthorized access if misconfigured or subverted.
- External report
- View on VirusTotal