Back to skill
Skillv1.0.0
VirusTotal security
Creator Intel V5 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:46 AM
- Hash
- 3c0b66b4231bfe92186306f631ece84e1fa3399c4a04b51571e05728eeaef5b7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: creator-intel-v5 Version: 1.0.0 The skill is classified as suspicious primarily due to the hardcoded Tavily API key (`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`) found in `scripts/generate_brief.py`. While the `SKILL.md` instructs users to replace it, shipping a skill with a hardcoded API key, even a development one, is a significant security vulnerability and poor practice. The skill also instructs the agent to set up a cron job for persistence via `openclaw cron add` in `SKILL.md`, which, while documented and intended to run the skill's own script, represents a risky capability if not properly secured by the platform.
- External report
- View on VirusTotal