infostealer-malware-detector
SKILL.md
Infostealer Malware Detector & Remover (v1.1)
Tech Stack Target / Version: Windows Defender CLI, VirusTotal, MalwareBazaar, Python 3.8+, and cross-platform shell tooling.
Overview
This skill gives OpenClaw a complete workflow to search every file on the system, identify infostealer indicators, compute SHA-256 hashes, and check them against live public databases (VirusTotal, MalwareBazaar).
Core principles (strict)
- Primary detection: Targeted file search + SHA-256 hashing + VirusTotal/MalwareBazaar checks.
- AV usage: Windows Defender (mpcmdrun.exe) or any other AV is permitted only when necessary (hash checks inconclusive, high suspicion remains, or user explicitly requests deeper scan).
- Never default to AV – the agent must complete the full custom hash workflow first and document why AV escalation is needed.
- Full user confirmation required before any quarantine or AV scan.
- Full audit trail and quarantine before removal.
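As an added illustration of the custom-first workflow above (example code, not part of the skill itself): a targeted file search, SHA-256 hashing, a hash lookup against a constructed local indicator set that stands in for the live VirusTotal/MalwareBazaar query, and quarantine with an audit record only after a confirmation callback returns True. The indicator hash, sample file names and suffix filter are constructed assumptions, not real indicators.

```python
import hashlib, json, shutil, tempfile, time
from pathlib import Path

# Constructed stand-in for the VirusTotal/MalwareBazaar lookup: SHA-256 of the bytes
# b"constructed-sample" mapped to a made-up family label. Not a real malware hash.
KNOWN_BAD = {hashlib.sha256(b"constructed-sample").hexdigest(): "constructed-sample-family"}
# Suffixes the targeted search step hashes (assumption for this example).
TARGET_SUFFIXES = {".exe", ".dll", ".scr", ".ps1"}

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large binaries are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root, lookup=KNOWN_BAD):
    """Walk root, hash targeted files, and label each as a known family or 'unknown'.
    'unknown' means the hash check was inconclusive (the page's trigger for AV escalation)."""
    findings = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in TARGET_SUFFIXES:
            digest = sha256_file(p)
            findings.append({"path": str(p), "sha256": digest, "verdict": lookup.get(digest, "unknown")})
    return findings

def quarantine(finding, quarantine_dir, audit_log, confirm):
    """Move a confirmed hit into quarantine (never delete) and append a JSON audit record.
    Returns False, touching nothing, when the verdict is inconclusive or the user declines."""
    if finding["verdict"] == "unknown" or not confirm(finding):
        return False
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / (finding["sha256"] + ".quarantined")
    shutil.move(finding["path"], dest)
    with open(audit_log, "a") as log:
        log.write(json.dumps({"ts": time.time(), "action": "quarantine", **finding, "dest": str(dest)}) + "\n")
    return True

def run_demo():
    """Build a constructed sample tree in a temp dir, scan it, and quarantine hits with a 'yes' callback."""
    root = Path(tempfile.mkdtemp())
    (root / "dropper.exe").write_bytes(b"constructed-sample")  # matches the constructed indicator
    (root / "tool.dll").write_bytes(b"benign bytes")            # hashed, no match: inconclusive
    (root / "notes.txt").write_bytes(b"not a target suffix")    # skipped by the search filter
    findings = scan(root)
    hits = [f for f in findings if f["verdict"] != "unknown"]
    moved = [quarantine(f, root / "quarantine", root / "audit.jsonl", confirm=lambda f: True) for f in hits]
    return {"scanned": len(findings), "hits": len(hits), "moved": sum(moved),
            "unknown": [f["path"] for f in findings if f["verdict"] == "unknown"]}
```

In real use the `confirm` callback is the user prompt required before any quarantine, and `lookup` is replaced by the live hash query; files left as `unknown` are what the skill documents before deciding whether AV escalation is justified.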
When to activate automatically
- "My passwords are being stolen"
- "Scan for infostealer / stealer malware"
- "Check if RedLine / Vidar / Lumma is on my PC"
- "Clean my system" (but follow custom-first rule)