Back to skill
Skillv1.0.0
VirusTotal security
Email Excel Transfer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 7:46 PM
- Hash
- ce4e1d5ed56b036a9a425137864a080ae260cdd31816f18469785d670773bac8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: email-excel-transfer Version: 1.0.0 The skill bundle facilitates a workflow for downloading email attachments via IMAP and automating Excel on a Windows host using a PowerShell bridge. It contains high-risk capabilities, specifically the use of an MCP bridge (http://172.17.0.1:3001/mcp) to execute arbitrary PowerShell commands (shell_ps) on a remote Windows system from a Linux environment. While these functions align with the stated purpose in SKILL.md, the combination of email credential handling and remote command execution represents a significant attack surface without built-in safeguards.
- External report
- View on VirusTotal