Back to skill
Skillv0.1.9
VirusTotal security
InterClaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:08 AM
- Hash
- 387c42f180fc86b16dd6f7a80f0d56c241ebcc7979797eabcd6c965d580ff6df
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: interclaw Version: 0.1.9 The skill is classified as suspicious due to its reliance on downloading and executing an external binary (`himalaya`) during installation, as specified in `SKILL.md` and `README.md`. While the URL points to a legitimate GitHub release, this practice introduces a supply chain risk. Additionally, the skill requires sensitive environment variables (email credentials, PGP passphrase) for its operation, as seen in `config/example.env`. Although the documentation explicitly outlines strong security measures and prohibits malicious actions like code execution or link following from messages (in `SKILL.md` and `docs/protocol-v3.md`), the inherent risks associated with external binary execution and handling of critical credentials warrant a 'suspicious' classification rather than 'benign'.
- External report
- View on VirusTotal