Automatically verify "suspicious" skills via VirusTotal and add them to the security allowlist via the Bridge.
Security Analysis
High confidence
The skill's code, required binaries, and environment variable align with its stated purpose (VirusTotal checks, calling the OpenClaw gateway to trust hashes, and quarantining malicious files); it is high-privilege but coherent and limited to manual invocation.
Name/description (verify suspicious skills via VirusTotal and add to allowlist) match what the code does: scans skills/, computes SHA-256, queries VirusTotal, calls the 'openclaw gateway call security.trustSkill' RPC, and optionally moves files to .quarantine. Required binaries (openclaw, node) and VIRUSTOTAL_API_KEY are appropriate for this purpose.
SKILL.md instructs manual use only (disable-model-invocation:true) and the runtime script confines activity to 'skills' and 'my-skills' directories, computes hashes only, queries VT, and uses the Bridge to mark hashes trusted. The script does perform destructive actions (rename files to .quarantine) but these are documented and gated behind --fix.
Install is standard Node/npm (npm install to get tsx). This is a typical, expected install path for a TypeScript Node utility; nothing is downloaded from an arbitrary or unreviewed URL.
Only requires VIRUSTOTAL_API_KEY and two binaries. The code only reads process.env.VIRUSTOTAL_API_KEY and does not attempt to load other environment variables or secrets. Credential requirements are proportional to the stated VirusTotal integration.
The skill has high privilege: it can mutate security allowlists via the Bridge and move files into a quarantine folder. That privilege is explicitly documented, and model-autonomous invocation is disabled. Still, this is a powerful tool and should be run manually and with care.
Guidance
This skill appears to do what it claims, but it is high-privilege. Before running: (1) run only in dry-run mode first to review planned actions; (2) back up your skills/ directory or use a disposable environment before using --fix; (3) verify the openclaw binary and Bridge RPC (security.trustSkill) are genuine and trusted on your system; (4) ensure your VIRUSTOTAL_API_KEY has appropriate scope and rate limits; (5) inspect the files the scanner flags (the scanner can produce false positives) before committing trust; (6) accept that --fix will rename/move files to .quarantine (destructive) and that npm install will fetch dependencies from the public registry.
Latest Release
v2.7.0
- Added disable-model-invocation: true, preventing model/agent-triggered execution—manual use only.
- Updated documentation to warn that this is a high privilege tool and must be run manually.
- No functional changes to core workflow or usage, but clarified risk and usage safeguards.
Published by @jacobthejacobs on ClawHub