Back to skill
Skillv1.0.0
VirusTotal security
OPC Framework · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:18 AM
- Hash
- bd0fbfe71bde7b06d0d5301d81f12bdf18a8d74fbe1524e52a759ddf5ed3d4b5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: opc Version: 1.0.0 The skill bundle is classified as suspicious due to the inherent high-risk nature of operations described in several skills, particularly 'deployment' and 'operations'. The `deployment/SKILL_EN.md` and `deployment/SKILL_ZH.md` files instruct the AI agent to perform actions like 'DB Migration', 'Service Deployment', 'Config Update', and 'Backup of production database'. Similarly, `operations/SKILL_EN.md` and `operations/SKILL_ZH.md` describe 'Automated Operations' (e.g., auto-publishing, handling sales, auto-replies, aggregating notifications) and 'Monitor cloud costs, shut down idle resources'. While these capabilities are plausibly needed for the stated purpose of managing a 'One-Person Company', they imply the agent would require significant permissions (e.g., database access, cloud API access, system-level control) to execute. This represents a substantial attack surface and potential for critical vulnerabilities if the AI agent's execution environment is not securely sandboxed, even though there is no clear evidence of intentional malicious behavior instructed by the skill bundle itself.
- External report
- View on VirusTotal