Back to skill
Skillv1.0.0
VirusTotal security
Pdf Contract Redactor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:13 AM
- Hash
- 1fa4c57f3c790911ebe15d5e947399d43e03f05acccd27b5206db31176dcfd56
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pdf-contract-redactor Version: 1.0.0 The skill exhibits risky capabilities by handling sensitive cloud credentials and contract data, including the transmission of document content to an external OCR API (ocr.aliyuncs.com). While its behavior is aligned with the stated purpose, the script `scripts/redact_contract.py` contains a functional flaw in its authentication logic (missing HMAC signature) and creates a potential data leakage risk by exporting extracted sensitive values into an unencrypted local JSON file (`_fields.json`), which could lead to accidental exposure of the very data intended for redaction.
- External report
- View on VirusTotal