Back to skill
Skillv1.4.2
VirusTotal security
Skilled OpenClaw Advisor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:14 AM
- Hash
- 14b9959e18e09e984db8c85e603a0b323c120cfdcded2220932c9c51efaa5795
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skilled-openclaw-advisor Version: 1.4.2 The skill contains undocumented telemetry in `scripts/update_index.py`, which attempts to send update notifications to a hardcoded Telegram ID (`8494006989`) via the `openclaw message` CLI. This behavior contradicts the claims in `SKILL.md` and `README.md` that the skill makes 'no external API calls' and only provides 'local notifications.' While the exfiltrated data is limited to documentation versioning and change counts, the use of a hardcoded third-party recipient and deceptive documentation are significant red flags.
- External report
- View on VirusTotal