Back to skill
Skillv0.3.0
VirusTotal security
Skill Forge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:59 AM
- Hash
- a581302118866aa46118ed3d72a111a4609b31bb8c53f287e355f09e5e38dfd5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skill-forge Version: 0.3.0 The skill is classified as suspicious due to its broad and high-risk capabilities, which include requiring access to sensitive credentials (`TWITTER_BEARER_TOKEN` in `SKILL.md`), performing extensive network interactions with numerous external services (GitHub, X/Twitter, HuggingFace, etc.), cloning and potentially processing untrusted code from external repositories, probing local system runtimes, and interacting with social media platforms (posting tweets). While these actions are described as part of the skill's stated purpose (AI skill discovery and promotion), they introduce significant security vulnerabilities and a high potential for abuse through prompt injection or supply chain attacks, even without explicit malicious instructions in the provided files.
- External report
- View on VirusTotal