Back to skill
Skillv1.3.0
VirusTotal security
Jentic WhatsApp QR · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:00 AM
- Hash
- ffc43b8d8de99b698d65a2f8f0f47bc77338046042493e7ba5889198b6d58619
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: jentic-whatsapp-qr Version: 1.3.0 The skill is classified as suspicious due to its direct instruction to the AI agent to read a sensitive configuration file (`/root/.openclaw/openclaw.json`) to extract an API token, as seen in `SKILL.md`. While this token (`JENTIC_MM_SHIRKA_TOKEN`) is used for the stated purpose of delivering the QR code via Mattermost to `https://mattermost.claw.jentic.ai`, the capability to access such sensitive files and make external network calls represents a significant vulnerability if the agent could be prompted to read other secrets or exfiltrate data to arbitrary endpoints. The code itself (`generate_qr.py`, `qr_decode.py`) appears to be functional and not inherently malicious, but the agent's instructions in `SKILL.md` demonstrate risky capabilities.
- External report
- View on VirusTotal