Back to skill
Skillv1.2.5
VirusTotal security
Claude Code Task · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 4:15 AM
- Hash
- 68dfb51b3d3585c212e06cd4dcdfd46ad28a5c84efa58fa501591f39fbf1af8d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claude-code-task Version: 1.2.5 The skill bundle provides an asynchronous orchestration wrapper for the Claude Code CLI, enabling long-running tasks with status notifications via Telegram or WhatsApp. It is classified as suspicious due to risky credential handling and broad execution permissions: `run-task.py` extracts the Telegram bot token from the local configuration and writes it into a temporary script in `/tmp/cc-notify-{pid}.py` to allow the sub-agent to send progress updates. This pattern exposes sensitive bot credentials to other local users/processes. Furthermore, the skill executes the `claude` CLI with the `--dangerously-skip-permissions` flag, granting the sub-agent unrestricted system access. While the complex instructions in `SKILL.md` appear aligned with the stated goal of reliable async task delivery, they represent a significant control-flow surface that bypasses standard OpenClaw tool constraints.
- External report
- View on VirusTotal