Skillv1.0.2

VirusTotal security

openclaw-reflect · External malware reputation and Code Insight signals for this exact artifact hash.

BenignApr 30, 2026, 4:20 AM

Hash: f62647ffeb8393d632f8069f1637683269a4352a5446e39961750b6d5f08d52a
Source: palm
Verdict: benign
Code Insight: Type: OpenClaw Skill Name: openclaw-reflect Version: 1.0.2 The `openclaw-reflect` skill is designed for agent self-improvement, observing tool outcomes, detecting patterns, and proposing changes to `MEMORY.md`, `CLAUDE.md`, and `SOUL.md`. Its core functionality involves reading/writing to the workspace (`.reflect/`, `MEMORY.md`, `CLAUDE.md`), making network calls to external LLM evaluators (Anthropic, OpenAI, Ollama), and executing internal Node.js scripts (`scripts/*.js`). All these actions are explicitly aligned with its stated purpose, which includes safety mechanisms like evaluation separation, tiered approval, and rollback. The `SKILL.md` and `README.md` contain instructions for the agent to surface proposals and for operators to run commands, which are standard interaction patterns for OpenClaw skills. A voluntary payment request via a local x402 API is present in `AGENT-PAYMENTS.md`, but it is explicitly optional and uses a local endpoint, not an external malicious one. There is no evidence of intentional harmful behavior such as data exfiltration to unauthorized endpoints, backdoors, or malicious prompt injection attempts against the agent.
External report: View on VirusTotal