Back to skill
Skillv1.0.0
VirusTotal security
云手机运管平台操作 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:00 AM
- Hash
- 60ca956fcb21590737fa53a948fa867146ec9b3d6a20ee5f6e1fd9abae8631a3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: vcloud-phone Version: 1.0.0 The skill bundle is suspicious because it instructs the agent to facilitate the download of arbitrary file paths from a remote 'cloud phone' platform (e.g., '/data/misc/logd/logcat' or user-specified paths) via browser automation. While the skill itself does not directly exfiltrate data, it instructs the user to manually copy these potentially sensitive downloaded files into the agent's local workspace (`/Users/bytedance/.openclaw/workspace/`). The skill then explicitly instructs the agent to 'read' these files from the workspace, leveraging its declared 'Read' tool capability. This combination exposes a high-risk capability for data leakage from the remote system, making sensitive data accessible to the agent for potential further processing, even without explicit malicious intent in the current instructions.
- External report
- View on VirusTotal