Back to skill
Skillv1.0.0
VirusTotal security
Wanng Ide Auto Skill Hunter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 19, 2026, 9:21 PM
- Hash
- 954fc54e11945f959b1d0ab03d0fb91e678caa9f7b81d21557280ab3b3722764
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wanng-ide-auto-skill-hunter Version: 1.0.0 The skill implements an autonomous 'discover-and-install' loop that mines sensitive session logs and user profiles to identify capability gaps, then fetches and executes third-party code from external endpoints (clawhub.com). While this behavior is aligned with its stated purpose of agent evolution, the script (src/hunt.js) automatically executes untrusted remote payloads using execSync for 'self-testing' and suggests persistence via cron jobs, creating a significant Remote Code Execution (RCE) and supply chain risk. It also processes private conversation data to generate search queries, which could lead to unintentional data exposure.
- External report
- View on VirusTotal