Back to skill
Skillv1.0.0
VirusTotal security
Kuvera Portfolio & Market Data · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:50 AM
- Hash
- 38d64376284bc47752631dd2fe6343a67d5d5cf58a1a2f9c66eb787c79bfb00c
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: kuvera Version: 1.0.0 The skill bundle is classified as benign. The `kuvera-cli.js` script explicitly enforces a 'read-only' policy by blocking all non-GET HTTP requests, except for the `/api/v5/users/authenticate.json` endpoint, which is necessary for login. This strong safety mechanism directly aligns with the '⛔ SAFETY — READ-ONLY' instructions in `SKILL.md` and `README.md`. Credentials are stored in the designated `~/.openclaw/credentials/kuvera/token.json` path, and all network communication is directed to the legitimate `api.kuvera.in` domain. There is no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts designed to bypass safety instructions or perform harmful actions.
- External report
- View on VirusTotal