Back to skill
Skillv0.1.3
VirusTotal security
miso · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:05 AM
- Hash
- a6389b724ace54cd5448b337c0e9f5af652a4f0ba8d1f32c8bbb8952ac78fff3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: miso Version: 0.1.3 The skill is classified as suspicious due to a critical vulnerability in `scripts/miso_telegram.py`. This script directly accesses a hardcoded path (`/Users/shunsukehayashi/.openclaw/openclaw.json`) to load the Telegram bot token. While the script uses the token for its intended purpose of interacting with the Telegram API (sending/editing messages, pinning/unpinning), this direct and hardcoded access to a sensitive configuration file containing credentials represents a significant security flaw that could be exploited if the skill is run in an untrusted environment or if the file permissions are misconfigured, potentially leading to token exposure.
- External report
- View on VirusTotal