Back to skill
Skillv1.0.0
VirusTotal security
Pixel Office · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 6:02 AM
- Hash
- 6b25080bd85e7a68f75ff257b57f7a99eff0a7c8c92378a79348d18cb214d209
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pixel-office Version: 1.0.0 The skill downloads and executes code from a remote GitHub repository (xmanrui/OpenClaw-bot-review) and accesses the sensitive `~/.openclaw/openclaw.json` configuration file, which typically contains API keys and bot tokens. While these actions are consistent with the stated purpose of launching a dashboard UI, the automated execution of remote code (via `git clone`, `npm install`, and `npm run dev`) and the access to private configuration data represent significant security risks inherent in the skill's design.
- External report
- View on VirusTotal