Back to skill
Skillv1.0.10
VirusTotal security
Health Report · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:15 AM
- Hash
- 04528f1bf538b71181826c3d4ae72bd8a5b9c98f729cb2bc46f817a5b09a2896
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-skill-health-report Version: 1.0.10 The skill bundle provides a comprehensive health reporting system that reads local health records from a workspace directory and sends processed reports to external platforms (DingTalk, Feishu, Telegram). While the behavior is well-documented and aligned with the stated purpose, it exhibits several high-risk behaviors: it uses `subprocess.run` in `health_report_pro.py` to execute the `openclaw` CLI, performs external network requests to the Tavily API and various messaging webhooks, and requires access to multiple sensitive environment variables. Per the analysis criteria, the presence of shell execution and broad network/file access, even when plausibly needed for the tool's function, warrants a suspicious classification.
- External report
- View on VirusTotal