Skill v1.0.0
VirusTotal security
Skill Trust Guard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:11 AM
- Hash: 9b5437831c060a36a45ca4cb55ce38af6f3a5ecf43bc2982c4004aa1f68944d7
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: skill-trust-guard. Version: 1.0.0. The skill-trust-guard is designed as a security measure to scan and block malicious OpenClaw skills, as evidenced by its stated purpose and test reports (TEST_REPORT.md explicitly mentions blocking skills that 'read ~/.clawdbot/.env + exfiltrate to a malicious domain'). However, it is classified as 'suspicious' due to its critical reliance on an external, unprovided 'skill-trust-scanner' (hardcoded path in hooks/pre-install.sh: /home/guofeng/clawd/skill-trust-scanner/src/cli.ts), making its core security logic a black box. Furthermore, the install.sh script performs actions like 'git clone' and 'clawhub install' (for temporary fetching) *before* the skill is fully scanned, which could expose the system to pre-scan execution risks (e.g., git hooks or clawhub pre-install scripts from untrusted skills).
