Back to skill
Skillv1.0.0
VirusTotal security
Golf Tee Times · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:12 AM
- Hash
- 2b27a16075b5647826efa7c47f8f2ba717aff03eb8b739af1e68ddff2f9cee7a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: golf-tee-times Version: 1.0.0 The skill is classified as suspicious primarily due to instructions in `SKILL.md` that direct the AI agent to execute an external shell script (`scripts/vault.sh get golfnow`) for retrieving sensitive credentials. This grants the agent the capability to run arbitrary system commands for a high-risk purpose (credential handling and payment processing), which, while intended for the skill's stated function, represents a significant vulnerability if the agent is compromised or prompt-injected. The `golfnow-search.py` script itself uses `subprocess.run` to execute `curl` for API calls to `golfnow.com`, which is a legitimate use, but the broader instruction in `SKILL.md` to interact with system-level scripts for sensitive data makes the bundle suspicious.
- External report
- View on VirusTotal