Back to skill
Skillv1.0.0
VirusTotal security
Huo15 Skills · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 17, 2026, 3:21 AM
- Hash
- 787f4ff210a97780ebc2c7608d55e5f798b9cfd15daee211a67a04df9d24751b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: huo15-skills Version: 1.0.0 The skill bundle contains multiple scripts with high-risk capabilities, including reading sensitive configuration files and modifying shell profiles. Specifically, `create-word-doc.py` reads `odoo_creds.json` and `openclaw.json` to authenticate with a remote Odoo instance (huihuoyun.huo15.com), while `kb-llm.py` extracts API keys from `models.json`. Additionally, the SearXNG installer (`install.sh`) modifies `~/.zshrc` to persist environment variables and performs automated Docker deployments. While these behaviors are plausibly linked to the stated enterprise automation and knowledge management purposes, the broad access to credentials and system configuration files warrants a suspicious classification.
- External report
- View on VirusTotal