Back to skill
Skillv1.0.1
VirusTotal security
Echo Seed · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:22 AM
- Hash
- 77d98f95c02f842ff858a80c61d9b0b5145b473cd9558bababf3325323db4eec
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: echo-seed Version: 1.0.1 The skill bundle is classified as suspicious primarily because it routes sensitive Notion and Google Calendar API traffic through an unofficial third-party gateway (gateway.maton.ai) in scripts/echo-web.py, rather than using official API endpoints. This architecture creates a high risk of credential interception if users provide their API keys as instructed. Additionally, scripts/ai_service.py disables SSL certificate verification (verify=False) when fetching web content, which is a significant security vulnerability. While these choices may be intended to facilitate access in restricted network environments, the handling of secrets via a non-standard proxy is a major red flag.
- External report
- View on VirusTotal