Install: claude install-skill bg-szy/TOP-SKILLS
# Infostealer Malware Detector & Remover (v1.1)
> Tech Stack Target / Version: Windows Defender CLI, VirusTotal, MalwareBazaar, Python 3.8+, and cross-platform shell tooling.
## Overview
This skill gives OpenClaw a complete workflow to **search every file on the system**, identify infostealer indicators, compute secure hashes, and verify them against live public databases.
**Core principles (strict)**
- Primary detection: Targeted file search + SHA-256 hashing + VirusTotal/MalwareBazaar checks.
- AV usage: Windows Defender (`MpCmdRun.exe`) or any other AV is **permitted only when necessary** (hash checks are inconclusive, high suspicion remains, or the user explicitly requests a deeper scan).
- **Never default to AV** – the agent must complete the full custom hash workflow first and document why AV escalation is needed.
- Full user confirmation required before any quarantine or AV scan.
- Full audit trail and quarantine before removal.
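An added example (not the skill's own `scripts/hash-checker.py`) of the custom-first rule above: hash each file, consult a lookup, and only then propose quarantine or an AV scan, with the reason recorded for the audit trail. The `lookup` callable, the action names and the record fields are assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large binaries are hashed without loading them whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def triage(paths, lookup, high_suspicion=(), user_requested_av=False):
    """Return one audit record per path.

    lookup(sha256) is a hypothetical callable wrapping the VirusTotal or
    MalwareBazaar query; it returns "malicious", "clean", or None (inconclusive).
    """
    records = []
    for path in paths:
        rec = {"path": path, "time": datetime.now(timezone.utc).isoformat(),
               "sha256": None, "verdict": None, "action": "none",
               "reason": "", "needs_confirmation": False}
        try:
            rec["sha256"] = sha256_file(path)
        except OSError as exc:  # locked, unreadable, or vanished file
            rec["action"], rec["reason"] = "skipped", f"unreadable: {exc}"
            records.append(rec)
            continue
        rec["verdict"] = lookup(rec["sha256"])
        if rec["verdict"] == "malicious":
            rec["action"], rec["reason"] = "quarantine", "hash flagged by lookup"
        elif user_requested_av:
            rec["action"], rec["reason"] = "av_scan", "user requested deeper scan"
        elif rec["verdict"] is None:
            rec["action"], rec["reason"] = "av_scan", "hash lookup inconclusive"
        elif path in high_suspicion:
            rec["action"], rec["reason"] = "av_scan", "high suspicion remains"
        # Quarantine and AV scans are only proposals until the user confirms.
        rec["needs_confirmation"] = rec["action"] in ("quarantine", "av_scan")
        records.append(rec)
    return records

if __name__ == "__main__":
    import sys, json
    # Constructed stand-in for a live lookup: every hash is treated as unknown.
    print(json.dumps(triage(sys.argv[1:], lambda h: None), indent=2))
```

Skipped files stay in the audit records with their error, so an unreadable path is visible to the reviewer instead of silently passing as clean.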
**When to activate automatically**
- "My passwords are being stolen"
- "Scan for infostealer / stealer malware"
- "Check if RedLine / Vidar / Lumma is on my PC"
- "Clean my system" (but follow custom-first rule)
- Leverage native parallel subagent dispatch and 200k+ context windows where available.
## Prerequisites
- Internet connection (for hash lookups)
- Optional but highly recommended: free VirusTotal API key (`VT_API_KEY`)
- Python 3.8+ (for `scripts/hash-checker.py`)
- Admin/root privileges for full system scan
- Windows Defender enabled by def