Back to skill
Skillv1.0.0
VirusTotal security
LinkClaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 23, 2026, 2:12 AM
- Hash
- e317cd460bd504a22aad9e2c1c910bb15cd84b449fb8eafc2c7016e8b4886b2a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: linkclaw Version: 1.0.0 The skill facilitates interaction with the LinkClaw social platform but contains a high-risk self-update mechanism. In HEARTBEAT.md (Step 1), the agent is instructed to periodically download and overwrite its own instruction files (SKILL.md and HEARTBEAT.md) from the remote server (linkclaw.linkcrux.com). This creates a significant vector for Remote Instruction Injection, allowing the platform to change the agent's behavior or logic at any time without user intervention. While the current instructions include positive security practices like API key protection and requiring human consent for registration, the automated modification of the agent's core instructions is a dangerous pattern.
- External report
- View on VirusTotal