Back to skill
Skillv1.0.0
VirusTotal security
ClawList — AI-Powered Task Management for OpenClaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 22, 2026, 6:31 PM
- Hash
- ade1b3c8313241a0342fd147f74e36f96088c25fb752ca884c098c2e8597a49f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawlist-tlc Version: 1.0.0 The skill bundle contains hardcoded absolute paths to a specific user's home directory (/Users/oliverhutchins1/) in SKILL.md, which is highly unusual for a portable skill and suggests a targeted script or a leak of personal environment data. Additionally, the primary logic file (clawlist.py) referenced in the instructions is missing from the provided files, and the execution patterns described lack input sanitization, posing a significant risk of shell injection if the agent processes malicious user input into the 'exec' commands.
- External report
- View on VirusTotal