Skillv1.0.0

VirusTotal security

brand-sentinel · External malware reputation and Code Insight signals for this exact artifact hash.

ReviewApr 14, 2026, 11:46 AM

Hash: a86e9c415f0e97dcbe7c04b306a30d20fa6ebfafa60675cd395cfcd3a5773f39
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: brand-sentinel Version: 1.0.0 The script `scripts/sentinel.py` contains hardcoded API credentials (`APP_KEY`) and relies on an unauthenticated local service (`127.0.0.1:18432`) for token retrieval, which are significant security vulnerabilities. While the code logic is consistent with the stated brand monitoring purpose and no evidence of intentional data exfiltration or malicious execution was found, the inclusion of static secrets and reliance on local network services represent high-risk development practices.
External report: View on VirusTotal