Back to skill
Skillv1.1.0
VirusTotal security
MFA WORD · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 3:56 AM
- Hash
- 95112f42c5cc4ce69a9f4d1d8ae802b7a7648f018735ad5ff030b516b468cf86
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: mfa-word Version: 1.1.0 The OpenClaw AgentSkills bundle 'mfa-word' is designed to implement a multi-factor authentication gatekeeper. The `SKILL.md` provides clear instructions for the AI agent to enforce security checks before sensitive actions, without any prompt injection attempts to bypass security or perform malicious acts. The `index.js` code uses standard Node.js file system operations to store hashed secrets and audit logs locally within the user's `.openclaw` directory. It uses SHA256 for hashing secrets and has no external dependencies or network calls. There is no evidence of intentional harmful behavior such as data exfiltration, unauthorized execution, or persistence mechanisms. While the `sensitive_list` parameter could theoretically be a vector for prompt injection if the AI agent's internal detection mechanism for patterns is vulnerable, the skill itself does not instruct the AI to exploit this, nor does its code perform any malicious actions with these patterns. The skill's functionality is aligned with its stated purpose of enhancing security.
- External report
- View on VirusTotal