Back to skill
Skillv1.0.0
VirusTotal security
self-check · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 6:42 AM
- Hash
- a29a3e0fd794ed93f42b1a12fd9e293fdb1a4dd7398723a2702ef165e620cadb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: self-check Version: 1.0.0 The skill performs system-wide diagnostics using high-risk capabilities, including the execution of numerous shell commands via `subprocess.run(shell=True)` and scanning for sensitive API keys/tokens in environment variables and configuration files. While the script (scripts/self_check.py) appears to follow its stated 'report-only' policy and does not currently exfiltrate data, the logic for discovering secrets and the use of shell execution represent significant security risks. It also suggests a 'curl|bash' command for NVM installation (raw.githubusercontent.com/nvm-sh/nvm) which is a common but risky practice.
- External report
- View on VirusTotal