Back to skill
Skillv1.0.0
VirusTotal security
whatsappVoiceOpenSkill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:11 AM
- Hash
- d70ac4d2d5948c4950759ca8e8c62da7903c3ea3e194b5776bf93c9d18a11ed9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: whatsapp-voice-chat-integration-open-source Version: 1.0.0 The skill is classified as suspicious due to the use of high-risk capabilities, specifically `child_process.execSync` in `scripts/voice-processor.js` to execute a Python script, and an external network call via `fetch` to `https://wttr.in/Delhi?format=j1` in the same file. While these actions are plausibly aligned with the skill's stated purpose (transcription and weather information), `execSync` allows arbitrary command execution, and external network calls can be a vector for data exfiltration or C2 if abused. There is no clear evidence of intentional malicious behavior, but the presence of these powerful primitives without strict sandboxing warrants a 'suspicious' classification.
- External report
- View on VirusTotal