Skill v1.0.0
VirusTotal security
Web Deploy GitHub Pages · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review: May 1, 2026, 3:10 AM
- Hash: dbab9dc880f8e0432393f55ee051d1ab4171ecafb257e2803f48dd3b346a40ad
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: web-deploy-github. Version: 1.0.0. The skill is classified as suspicious due to its use of the GitHub CLI (`gh`) to programmatically create public GitHub repositories and configure GitHub Pages via `gh api` in `scripts/deploy_github_pages.sh`. While these actions are directly aligned with the stated purpose of deploying static websites to GitHub Pages, they represent high-risk capabilities. The script relies on the `gh` CLI being pre-authenticated in the agent's environment, and if the underlying GitHub token has broad permissions, this could lead to unintended creation of numerous public repositories or exposure of sensitive data if the agent were to generate and commit such content. There is no clear evidence of intentional malicious behavior like data exfiltration or persistence, but the powerful programmatic interaction with GitHub without explicit user confirmation for each repository creation makes it suspicious.
