Back to skill
Skillv2.0.0
VirusTotal security
Musiclaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:12 AM
- Hash
- 8af2c2987ba7351c29c956405befa3d5e2375719fb3001c8baaff703c95f9d4e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: musiclaw Version: 2.0.0 The skill instructions (SKILL.md and SETUP.md) contain contradictory and high-risk requirements for sensitive user data, including PayPal emails and Suno session cookies. While SKILL.md claims 'no cookies' are used, SETUP.md explicitly instructs the agent to collect Suno session cookies from the user, which is a high-risk practice that can lead to account hijacking. All collected data, including these credentials, is sent to a hardcoded Supabase backend (alxzlfutyhuyetqimlxi.supabase.co), which, while consistent with the stated purpose of a music generation service, presents a significant risk of credential harvesting.
- External report
- View on VirusTotal