Back to skill
Skillv1.0.0
VirusTotal security
New Player Package 800 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:56 AM
- Hash
- 1585b33edc9ebdaabcf138a82a33636ef6f943db600bdfa371bf3b7f2d72fe40
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: new-player-package-800 Version: 1.0.0 The skill bundle is classified as suspicious due to its instruction to install skills with extremely broad system and filesystem access, specifically 'openclaw-anything' (for 'System management operations') and 'clawdbot-filesystem' (for 'Advanced filesystem operations'). While the provided SKILL.md does not instruct the agent to perform malicious actions with these capabilities, their installation significantly expands the agent's attack surface, making it vulnerable to future prompt injections or potential misuse if the installed skills themselves are compromised. The `npm install -g` command also grants global execution capabilities to `clawhub` and `uv`.
- External report
- View on VirusTotal