Back to skill
Skillv0.1.0
VirusTotal security
Scry · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:52 AM
- Hash
- 95b058525dcb219a51287712afc3dc31df6e9e119e1761b9b5294f41a900168d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: scry Version: 0.1.0 The 'scry' skill is a comprehensive research tool that aggregates data from over 26 sources. However, it includes a high-risk capability within the vendored 'bird-search' component (specifically in `vendor/bird-search/lib/cookies.js`), which contains logic to automatically extract authentication cookies (`auth_token` and `ct0`) from local browser databases (Safari, Chrome, and Firefox). While the documentation in `README.md` and `SKILL.md` acknowledges the use of browser cookies for X (Twitter) searches, the automated harvesting of sensitive browser credentials represents a significant security and privacy risk. The rest of the codebase, including the Python orchestrator (`scry.py`) and various source modules, appears functional and aligned with the stated purpose.
- External report
- View on VirusTotal