Back to skill
Skillv1.0.3
VirusTotal security
Trakt Read-only · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:42 AM
- Hash
- 59f7956e8d3bff62321c644daec66952a4b602d0e85d468fce1cd9dc3d599309
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: trakt-readonly Version: 1.0.3 The OpenClaw skill 'trakt-readonly' is designed for read-only interaction with the Trakt.tv API. The `SKILL.md` provides clear, non-malicious instructions and strong guardrails, explicitly stating to only call `https://api.trakt.tv` and never log API keys. The `scripts/trakt-api.sh` script uses `curl` and `jq` as declared, and implements input sanitization for user-provided parameters (`start_at`, `end_at`) using `jq`'s URL encoding. Environment variables like `TRAKT_USERNAME` are used as intended for API calls, and while directly interpolated into URL paths, this is generally safe with `curl` for trusted environment variables and does not indicate malicious intent or a clear shell injection vulnerability. No evidence of data exfiltration, malicious execution, persistence, or prompt injection attempts was found.
- External report
- View on VirusTotal