v1.0.2

VirusTotal Hash Analyzer

Benign: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:10 AM.

Analysis

This appears to be a straightforward VirusTotal lookup helper, but it uses your VirusTotal API key and sends queried indicators to VirusTotal.

Guidance: This skill looks purpose-aligned for checking hashes, URLs, domains, and IPs with VirusTotal. Before installing, be comfortable providing a VirusTotal API key and sending any queried indicators to VirusTotal, and verify the publisher/version because the registry provenance is limited.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: Medium; Status: Note
metadata
Source: unknown; Homepage: none; Version: 1.0.2

The registry metadata has limited provenance and differs from the included artifact metadata that declares version 2.0.0. No risky install behavior is shown, but the release identity should be checked.

User impact: It may be harder to confirm the maintainer, source repository, or exact version lineage of this skill.
Recommendation: Verify the publisher and compare the packaged files with a trusted source before relying on it in sensitive environments.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
scripts/vt_lookup.py
key = os.environ.get("VT_API_KEY", "").strip()

The helper reads a VirusTotal API key from the environment to authenticate lookups. This is expected for the stated integration, but it uses the user's VirusTotal account identity and quota.

User impact: Queries may consume the user's VirusTotal quota and are associated with the configured API key.
Recommendation: Use a dedicated VirusTotal API key with the minimum needed permissions and rotate it if it may have been exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low; Confidence: High; Status: Note
scripts/vt_lookup.py
VT_API_BASE = "https://www.virustotal.com/api/v3"

The script sends queried IOC values to the VirusTotal API. This is central to the skill's purpose and disclosed, but IOCs such as internal domains, URLs, or IPs can be sensitive.

User impact: Any indicator submitted for lookup may be visible to or logged by VirusTotal according to that service's policies.
Recommendation: Avoid submitting confidential internal URLs, hostnames, or incident indicators unless your organization allows sharing them with VirusTotal.