Back to skill
Skillv2.1.0
VirusTotal security
What Should We Do? · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:05 AM
- Hash
- 5fdd15c3d264cebad765b0e263898d0bc1297c19e418c3be25217dac2c8b698a
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: whatdo Version: 2.1.0 The OpenClaw AgentSkills skill bundle 'whatdo' is classified as benign. The `SKILL.md` file, which defines the agent's behavior and instructions, outlines legitimate uses of `web_search` for weather and movie showtimes, `curl` commands for Google Places and Calendar APIs (if configured), and Clawdbot's internal `message` and `cron` tools for group invites and reminders. While the skill stores sensitive user contact information (email, phone, Telegram handles) in `preferences.json`, its usage is explicitly limited to these stated, legitimate functions, and instructions for email/SMS even specify drafting messages for the user to send, rather than direct sending. There is no evidence of intentional data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the agent for harmful purposes.
- External report
- View on VirusTotal