Back to skill
Skillv1.0.13
VirusTotal security
Wavye · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:42 AM
- Hash
- 7346edb4b78d2b4d2e71977421d0fefe74a17cf679730466f1b843541d2f9bc4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wayve Version: 1.0.13 The 'wayve' skill bundle functions as a complex management system for solopreneurs, relying heavily on a third-party CLI tool (@gowayve/wayve-cli). It is classified as suspicious because the instructions (SKILL.md, onboarding.md, and automations.md) explicitly direct the AI agent to proactively collect and store highly sensitive information, including business revenue, financial goals, and third-party credentials such as Telegram bot tokens and Slack/Discord webhooks. While these capabilities are aligned with the stated goal of providing business coaching and notifications, the systematic collection of third-party secrets and financial data via an AI agent represents a high-risk pattern that could be easily repurposed for data exfiltration or credential harvesting.
- External report
- View on VirusTotal