Back to skill
Skillv1.0.0
VirusTotal security
ClawHub发布工具 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:34 AM
- Hash
- d6a17699d7e5884a54ba3261191ecaf65352505902612e8d43ba81cfc2016e96
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawhub-publish-tool Version: 1.0.0 The skill bundle contains a hardcoded API token in `publish.py`, which is a security vulnerability (credential exposure). While the tool's functionality of uploading files to `https://clawhub.ai` aligns with its stated purpose, the ability to read and exfiltrate any local directory's contents based on agent-provided paths constitutes a high-risk capability. Additionally, the `upload_file` function in `publish.py` contains a `NameError` (referencing an undefined `content` variable), indicating poor code quality or untested logic.
- External report
- View on VirusTotal