Back to skill
Skillv1.0.0
VirusTotal security
Research Logger · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:16 AM
- Hash
- 7cdef8c043a3a7c07c6af56e8a9b9e2602a552c31029c8664d26f5eee01ed566
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: research-logger Version: 1.0.0 The script `scripts/research_logger.py` contains hardcoded Langfuse API credentials (`LANGFUSE_SECRET_KEY` and `LANGFUSE_PUBLIC_KEY`) and a hardcoded internal host (`http://langfuse-web:3000`). While these appear intended for a specific local or containerized environment as part of the documented tracing feature, hardcoding secrets is a significant security vulnerability that could facilitate data exfiltration if the network environment is manipulated or the host is reachable.
- External report
- View on VirusTotal