Back to skill
Skillv1.0.6
VirusTotal security
QuickBooks for Beginners | Accounting skills · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:46 AM
- Hash
- 3dc01d55364c031a541702964ad01c28ccd840a7503bf5fa14b7bb9ebb11b141
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: qb Version: 1.0.6 The skill bundle facilitates financial transactions through the CreditClaw platform, employing high-risk operational patterns such as spawning ephemeral sub-agents and executing decryption scripts (node decrypt.js) delivered via API payloads. While these behaviors are aligned with the stated purpose of secure payment handling, the architecture requires the agent to download files, write to the local filesystem (~/.creditclaw/), and execute code provided within markdown files (SKILL.md, ENCRYPTED-CARD.md). These patterns represent a significant attack surface for potential remote code execution, although no evidence of malicious intent, data exfiltration, or unauthorized access was found in the provided logic.
- External report
- View on VirusTotal