Back to skill
Skillv0.0.1
VirusTotal security
fp-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:50 AM
- Hash
- 5ed5f6e128ed207a9436e377a90e4ba67cec302a32cdb2aebd0883e66d89627d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: fp-skill Version: 0.0.1 The skill bundle includes a self-patching script (patch_fp.py) that modifies the main logic in skill.py at runtime, which is a high-risk pattern. The automation script (skill.py) explicitly bypasses SSL security warnings (handle_warning) and the patch introduces insecure HTTP requests with 'verify=False'. While these appear to be functional workarounds for automating the target invoice verification site, the combination of self-modifying code and security control bypasses warrants a suspicious classification.
- External report
- View on VirusTotal