Back to skill
Skillv1.0.2
VirusTotal security
Openclaw Vault · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:28 AM
- Hash
- 95c6e6f2d5a6ae0a580e2ed2d672eb43ca6053a6eae89f362eaf4dc81e1c2a94
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: openclaw-vault Version: 1.0.2 The OpenClaw Vault skill bundle is a credential lifecycle security tool designed to detect and remediate exposed secrets. Its Python script (`scripts/vault.py`) performs extensive local file system scanning, permission checks, and interacts with Git history via `subprocess.run`. While it possesses powerful capabilities like modifying file permissions (`os.chmod`, `icacls`) and moving files to a quarantine directory (`shutil.move`), these actions are explicitly for security hardening and remediation, not for malicious purposes. The skill explicitly states and adheres to 'No external dependencies' and 'No network calls', significantly reducing data exfiltration risk. There is no evidence of prompt injection attempts in `SKILL.md` or `README.md`, nor any clear shell injection vulnerabilities in the Python code's use of `subprocess.run` or `shutil.move`.
- External report
- View on VirusTotal