Skill v1.1.2
VirusTotal security
OCFT - OpenClaw File Transfer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review: May 1, 2026, 3:20 AM
- Hash: 8e1dcfe535be0345f66579f006f2bc680cd886ffcbc8d9dca7c2c7800390aa40
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: ocft; Version: 1.1.2. This skill is classified as suspicious due to its inherent handling of sensitive information (node secrets, IPFS API keys) and its extensive file system and network access, which, while plausible for its stated purpose of P2P file transfer, introduces significant risk. Specifically, commands like `ocft show-secret` and `ocft set-ipfs-key` (documented in SKILL.md) directly manage credentials, and the skill stores configuration including secrets in `~/.ocft/config.json` (mentioned in README.md). The reliance on an external `npm` package (`npm install -g ocft`) also presents a supply chain risk.
