Back to skill
Skillv1.0.0
VirusTotal security
openclaw-cleaner · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:41 AM
- Hash
- 1db343065a649ccfb8c4210ef37e0924c982e1cc53b5502a996e30e6607944c9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-cleaner Version: 1.0.0 The skill performs high-risk file system operations by reading the full content of all workspace files into local JSON snapshots, which may inadvertently include sensitive data like credentials or .env files not covered by its hardcoded ignore list (SKILL.md). It specifically targets and modifies core OpenClaw 'Soul' files (e.g., MEMORY.md, USER.md, SOUL.md) that contain the agent's identity and user history. While no evidence of data exfiltration was found, the broad read/write permissions combined with instructions for the AI to execute these actions without user confirmation creates a significant security and privacy risk.
- External report
- View on VirusTotal