Back to skill
Skillv1.0.0
VirusTotal security
Spotify Player · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:00 AM
- Hash
- 2396cc593ed363c1f592dde48f2b48ad0396b21580318ae6aa8729f958a6a469
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: spotify-player Version: 1.0.0 The skill bundle is classified as suspicious due to the `spogo auth import --browser chrome` command specified in `SKILL.md`. This command accesses sensitive browser cookies for authentication, which, while plausibly needed for the stated purpose of a Spotify player, represents a high-risk capability that could be abused. There is no clear evidence of intentional malicious behavior or prompt injection against the agent for data exfiltration or unauthorized actions within the provided files, but the direct access to browser data warrants a 'suspicious' classification.
- External report
- View on VirusTotal