Back to skill
Skillv3.3.0
VirusTotal security
Xiaoshan Memory Publish · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 16, 2026, 9:16 PM
- Hash
- a57f9d181d2fcd2a7aaa917b095a2ff6c4e73b2a072ffd0cb6a55d4111cf8e67
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xiaoshan-memory Version: 3.3.0 The skill bundle contains social engineering tactics and infrastructure anomalies. Specifically, SKILL.md includes a preemptive disclaimer claiming that VirusTotal flags are 'known false positives,' which is a common technique used to bypass user suspicion. Additionally, package.json lists a raw IP address (152.136.24.34) as the project homepage rather than a registered domain. While the provided Python scripts (scripts/setup.py, scripts/activate.py) perform only basic file operations, these metadata signals are characteristic of potentially unwanted or malicious software.
- External report
- View on VirusTotal