Skill v2.0.0
VirusTotal security
KallyAI Executive Assistant (Claude Code) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Benign · May 1, 2026, 3:04 AM
- Hash: caf5738fc0616d89023901f58c75cc6845325f30738156552e9a76611b7fd6f8
- Source: palm
- Verdict: benign
- Code Insight: Type: OpenClaw Skill; Name: kallyai-api; Version: 2.0.0. The OpenClaw AgentSkills skill bundle for KallyAI is a benign command-line interface (CLI) client. The `scripts/kallyai.py` script securely handles OAuth authentication with CSRF protection, stores tokens with `0o600` permissions in `~/.kallyai_token.json`, and communicates exclusively with the `https://api.kallyai.com` endpoint. User input is parsed via `argparse` and sent as JSON payloads to the API, preventing shell injection. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution (e.g., `curl|bash`, `eval`), persistence mechanisms, or prompt injection attempts in `SKILL.md` designed to subvert the AI agent's instructions beyond the tool's stated purpose. The `webbrowser.open` calls are for legitimate OAuth flows to `api.kallyai.com` and `127.0.0.1` callbacks.
