Back to skill
Skillv1.1.0
VirusTotal security
Kiro X Publisher · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:18 AM
- Hash
- a801b1dde693646ead424a184de9a40016a391d20835429b09acc890a8ecbac2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: kiro-x-publisher Version: 1.1.0 This skill is classified as suspicious due to its inherent high-risk capabilities, specifically the ability to post tweets to X (Twitter) using OAuth 1.0a credentials, as implemented in `scripts/x_hot_pipeline.py` and scheduled by `scripts/setup_cron.sh`. While this functionality is explicitly stated as the skill's purpose and the `setup_cron.sh` script includes robust input validation and command construction safeguards against shell injection, the act of posting to a social media platform is a significant risky capability. Additionally, the skill relies on a third-party service (FxTwitter) for content enrichment, introducing an external dependency risk. There is no evidence of intentional malicious behavior such as unauthorized data exfiltration, backdoor installation, or prompt injection attempts against the agent.
- External report
- View on VirusTotal