Back to skill
Skillv2.0.1
VirusTotal security
PaperMC AI Operations · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:35 AM
- Hash
- 2880491e38b61ead7de68164045570bd3c08e9c95024943bde65e8236b8461ac
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: papermc-ai-ops Version: 2.0.1 The skill bundle is classified as suspicious primarily due to the inclusion of a hardcoded, sensitive API token for clawhub.ai across multiple files (simple_publish.sh, publish_skill.py, and publish_to_clawhub.py), which constitutes a significant credential leak. While the bundle's stated purpose is legitimate PaperMC Minecraft server management, it contains scripts with high-risk capabilities, including downloading and replacing executable JAR files from remote URLs (plugin_manager.py, update_paper.py, and plugin_upgrade_framework.py) and executing system-level commands via sudo systemctl (manage_server.py). Although these features are consistent with server administration, the exposure of credentials and the broad system access rights required make the bundle a security risk.
- External report
- View on VirusTotal