Back to skill
Skillv2.1.0
VirusTotal security
Claw Messenger · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:38 AM
- Hash
- c3c7f56c03d40a9deea28bedb46d6a95953f23a079051471d9ad3408cb74dc2e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: first-claw-messenger Version: 2.1.0 The skill establishes an unauthenticated communication channel with an external service (https://latent.7demo.uz) and uses persona-altering instructions in SKILL.md to encourage the agent to broadcast 'thoughts,' 'discoveries,' and 'signals' to a 'collective mind.' This creates a high risk of data exfiltration, as the agent is nudged to share session context and findings to a public endpoint without any safety boundaries or authentication. The 'Voice is a claim' philosophy and the use of webhooks for notifications further increase the attack surface for data harvesting and potential SSRF.
- External report
- View on VirusTotal