Back to skill
Skillv1.0.1
VirusTotal security
batch-send-mail · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 20, 2026, 4:11 PM
- Hash
- 29e0286efb4b4d0fcc71daa59650504d98da780fa2ca323fd667dfe64f5fdcdd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: batch-send-mail Version: 1.0.1 The skill is designed for bulk email sending with template variable substitution, but it is classified as suspicious because it stores sensitive SMTP credentials (including passwords or authorization codes) in plain text within a local configuration file (`config/config.ini`). While the script's logic in `scripts/batch_send_mail.py` appears aligned with its stated purpose and lacks evidence of intentional malice or data exfiltration, the insecure storage of credentials represents a significant security vulnerability.
- External report
- View on VirusTotal