Back to skill
Skillv1.6.1
VirusTotal security
Voice Memo Sync · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:33 AM
- Hash
- 0d73cc3d38ab5174d7c001da1e311286f7835d724ea7424c28ee327fe8a002e2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: voice-memo-sync Version: 1.6.1 The skill performs high-privilege operations including accessing private macOS Library containers for Voice Memos and iCloud, and using 'osascript' to automate Apple Notes and Reminders. While these actions are aligned with the stated purpose of syncing and organizing memos, the scripts (specifically 'process.sh' and 'create-apple-note.sh') execute shell commands and system automation that could be abused if provided with malicious input. Additionally, 'process.sh' performs an unverified remote download of a model binary from HuggingFace via 'curl', and 'install.sh' establishes persistence by modifying the OpenClaw 'HEARTBEAT.md' file.
- External report
- View on VirusTotal