Back to skill
Skillv1.0.1
VirusTotal security
Clawbox Media Server · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:21 AM
- Hash
- 9b8c352c8d3b6b60df86e30f93916dd3229261f36a188b4da8bb92205088dd74
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawbox-media-server Version: 1.0.1 The skill bundle sets up unauthenticated Node.js and Python web servers on ports 18801 and 18802 to facilitate LAN file sharing. It includes scripts (install-all.sh and setup.sh) that establish persistence by creating and enabling systemd user services. While the implementation includes basic security measures like path traversal checks in server.js and upload-server.py, the creation of unauthenticated network listeners and automated persistence are high-risk behaviors that could be exploited for unauthorized file access or storage on the host.
- External report
- View on VirusTotal