Back to skill
Skillv1.0.0
VirusTotal security
Mission Control Builder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:13 AM
- Hash
- 40af51a4bf74ed70ca0449c03a3cc3089e86b8e15b1a2790ce7e49cda944336e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mission-control-builder Version: 1.0.0 The skill is classified as suspicious due to its high-risk capabilities, despite their alignment with the stated purpose. It accesses and reads files from the user's home directory (`process.env.HOME`) in `src/app/api/sync/route.ts` to display OpenClaw memories, and makes outbound network requests to GitHub in `src/app/api/github-trends/route.ts`. Furthermore, the `SKILL.md` explicitly states that 'No authentication included' for the Next.js dashboard, which, if exposed beyond `localhost` or a VPN, could lead to unauthorized access to local data, including OpenClaw memories. While these actions are plausibly necessary for the dashboard's functionality and the skill provides mitigation advice ('Run locally or behind a VPN'), the combination of sensitive file access, network calls, and an unauthenticated web server constitutes a significant security risk that warrants a 'suspicious' classification rather than 'benign'.
- External report
- View on VirusTotal