Back to skill
Skillv1.0.0
VirusTotal security
Moltbook Engagement · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:10 AM
- Hash
- 8c52742afbf468708ebce9d066fcae3b603ab03f814642052e63728230b33185
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: moltbook-engagement Version: 1.0.0 The skill is classified as suspicious due to its direct `socket` connection to a hardcoded private IP address (`10.0.0.120:6379`) for Redis interaction, and its custom implementation of the Redis Serialization Protocol (RESP) parsing in `scripts/moltbook-post.py`. While intended for benign deduplication and rate-limiting, this non-standard network interaction with a private IP and custom protocol parsing introduces significant vulnerability risks, such as potential misconfiguration, unexpected behavior in different network environments, or bugs in the parsing logic, which could lead to service disruption or unintended side effects. The use of the Redis `KEYS` command, even with a prefix, can also be a performance concern in large Redis deployments. There is no evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or arbitrary code execution.
- External report
- View on VirusTotal