Back to skill
Skillv1.0.0
VirusTotal security
OpenClaw Diagnostics · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:16 AM
- Hash
- 40ba90a4ca4c1cbbfee9be0042ec2b078447869b938f9b203ad308e4caaf1fba
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-diagnostics Version: 1.0.0 The skill bundle is designed for OpenClaw diagnostics but includes scripts (`get-diagnostic-info.sh` and `check-common-issues.sh`) that read the `~/.openclaw/openclaw.json` configuration file, which typically contains sensitive API keys and channel credentials. Specifically, `get-diagnostic-info.sh` outputs the entire raw configuration to the agent's context without any redaction, creating a significant risk of credential exposure. While these actions are consistent with the stated diagnostic purpose, the lack of secret filtering and the inclusion of a network-enabled update script (`update-knowledge-base.ts`) that fetches remote content from `docs.openclaw.ai` represent a high-risk profile.
- External report
- View on VirusTotal