Back to skill
Skillv1.0.5
VirusTotal security
Skill Preflight · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 26, 2026, 11:51 PM
- Hash
- 16bbcc58701b3a2e7235b9835d353f34e233a564e708c70219fab36da1beefe0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skill-preflight Version: 1.0.5 The plugin implements a RAG (Retrieval-Augmented Generation) system that reads local markdown files from the workspace and sends their content, along with user prompts, to a configurable Ollama API endpoint for embedding (dist/index.js). While the documentation (README.md) and the code itself include explicit warnings and runtime logs regarding the privacy risks of using a non-local 'ollamaBaseUrl', the capability to read arbitrary files and transmit them to a network endpoint constitutes a high-risk behavior that could be leveraged for data exfiltration if misconfigured.
- External report
- View on VirusTotal