Back to skill
Skillv1.0.3
VirusTotal security
OpenClaw CLS Collector · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 6:41 AM
- Hash
- 98bf6b5cd254d4cad28922a52429afdb1075e85fabf0f37b9f9b6e813fcfbfa5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-cls-collector Version: 1.0.3 The skill requests sensitive Tencent Cloud credentials (SecretId and SecretKey) and executes a remote script downloaded via curl from mirrors.tencent.com. While these actions are consistent with the stated purpose of deploying observability services, the practice of handling raw cloud secrets and performing remote code execution via an AI agent is a high-risk pattern that could lead to credential exposure or unauthorized execution if the source or environment is compromised.
- External report
- View on VirusTotal