Back to skill
Skillv1.0.0
VirusTotal security
No Cap · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 28, 2026, 3:01 PM
- Hash
- 45deec34a0727024fc546e7a343b1a639c7d272e7b0f4fc1cde7cbdc3cfb6be2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: no-cap Version: 1.0.0 The skill performs high-risk credential extraction and management. Specifically, SKILL.md instructs the agent to execute a CLI command (auto-login) that extracts X/Twitter session cookies from the Chrome browser and requires macOS Keychain access. It also handles sensitive data including session tokens and Resend API keys, storing them in ~/.no-cap/config.json. While these capabilities are plausibly required for the stated purpose of automating bookmark ingestion and email digests, the automated extraction of browser credentials and interaction with the system keychain represent significant security risks.
- External report
- View on VirusTotal