Skill v1.0.0

VirusTotal security

🤖 GitHub自动管家 · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious
Apr 30, 2026, 1:06 AM
Hash
6566b0fadbb303c1d6b89b02c8712cfc0da883d0353f9612340147086cb83527
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: huimai-github-auto
Version: 1.0.0

The skill claims in SKILL.md to manage GitHub repositories and CI/CD 'without an API key,' which is highly suspicious as it implies the tool may attempt to silently leverage the host's local git credentials or environment variables. The documentation also includes a 'Calibration Framework' (惠迈校准框架v1.0) designed to manipulate the agent's output behavior ('Warm Mode'), which is a form of prompt injection that could be used to mask unauthorized actions. No functional code was provided to verify how these tasks are performed, making the 'No API Key' claim a potential indicator of credential harvesting or unauthorized access.