Back to skill
Skillv1.3.0
VirusTotal security
Vitavault · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:13 AM
- Hash
- c12d0c496c88933d5ebdb21f8065153e17abce6e138c117397a96db05e0c2ca3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: vitavault Version: 1.3.0 The skill is classified as suspicious due to a significant contradiction between its stated purpose and the functionality of `scripts/query.py`. The `SKILL.md` explicitly claims "No shared servers, no middleman - data flows phone to your agent only" and that data is saved "nowhere else" than the agent's host. However, `scripts/query.py` is designed to query a *remote* API (requiring `VITAVAULT_API_URL` environment variable) and is listed in `SKILL.md` under 'Querying Health Data' as if it operates on local data. This deceptive representation of external network activity, despite claims of local-only data handling, raises concerns about transparency and potential for undisclosed data interactions.
- External report
- View on VirusTotal