Skill v1.1.4

VirusTotal security

readx · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review
Apr 30, 2026, 4:24 AM
Hash
dfef33670c4deab68733a401964c49a462f1bd076e2f81a21a7821e9708bfde0
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: readx
Version: 1.1.4
The skill is classified as suspicious due to instructions for the AI agent to perform file system read/write operations and shell execution, which are high-risk capabilities. Specifically, `SKILL.md` instructs the agent to read and potentially write an API key to `~/.config/readx/credentials.json` (or Windows equivalent) and to execute `curl` commands for API interaction and fetching API documentation from `https://readx.cc`. While these actions are plausibly needed for the skill's stated purpose and `SKILL.md` includes explicit safeguards against API key exfiltration to unauthorized domains, these capabilities introduce an attack surface for potential vulnerabilities (e.g., shell injection, arbitrary file access) if the agent's execution environment or input sanitization is flawed.