Back to skill
Skillv1.0.0
VirusTotal security
Claude OAuth Auto-Renewal · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:11 AM
- Hash
- d27697320524988061fe3b67334b31835186cc4b77a5c57c42172d3bb31797f4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claude-oauth-renewal Version: 1.0.0 The skill automates Claude Code OAuth token renewal using high-risk techniques, including reading sensitive credentials from the macOS Keychain and using AppleScript (osascript) to inject JavaScript into Google Chrome tabs to scrape authentication codes. While these actions in 'scripts/check-claude-oauth.sh' are aligned with the stated purpose of preventing agent downtime, the use of browser automation to bypass manual authorization and the storage of session logs in world-readable locations ('/tmp/claude-auth-pty.log') represent significant security risks. No evidence of intentional data exfiltration or remote command execution was found.
- External report
- View on VirusTotal