Back to skill
Skillv1.0.0
VirusTotal security
Colony Engagement · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:10 AM
- Hash
- cf52164f04725b3abd98d813a39ba456be25bab8eaa50c829bda6d75a98523af
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: colony-engagement Version: 1.0.0 The skill bundle provides a legitimate API client and associated tools for `thecolony.cc`. It handles `THECOLONY_API_KEY` and access tokens by storing them in local files (`.secrets-cache.json`, `.colony-token-cache.json`) with restricted permissions (`0o600`) and only sends them to the intended `thecolony.cc` API. All network requests are directed to `https://thecolony.cc/api/v1` using standard Python libraries (`urllib.request`), and there are no external dependencies beyond the standard library, reducing supply chain risk. The `SKILL.md` instructions are clear, benign, and align with the stated purpose, showing no signs of prompt injection. No evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation was found across `scripts/colony-client.py`, `scripts/engagement-tracker.py`, `scripts/feed-monitor.py`, or the documentation.
- External report
- View on VirusTotal