Back to skill
Skillv1.13.1
VirusTotal security
Email To Calendar · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 3:15 AM
- Hash
- 310249518afc5ec9775a2f107dfe70c367c0cc172533c152387403e9378a2e23
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: email-to-calendar Version: 1.13.1 The skill is designed with security in mind, explicitly forbidding direct CLI calls and enforcing the use of wrapper scripts. The `CHANGELOG.md` indicates a history of fixing shell injection vulnerabilities, and the current implementation uses safe argument passing via bash arrays and Python's `subprocess.run` with lists. File system access is confined to expected skill memory and configuration paths. Prompt injection surfaces in `SKILL.md` and `BOOT.md` are used defensively to constrain agent behavior and enforce safe practices, rather than to manipulate it maliciously. Email sending is for legitimate user notifications, not exfiltration.
- External report
- View on VirusTotal