Back to skill
Skillv1.0.0
VirusTotal security
CardPointers · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:34 AM
- Hash
- c4c0f7baa955b7bb7d1ae1218268c96f8d0bf0a6030591cb35314c6dc078181d
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: cardpointers Version: 1.0.0 The skill bundle is benign. The `SKILL.md` file primarily serves as documentation for the `cardpointers` CLI, detailing its commands, options, and common use cases. It requires standard tools like `curl`, `jq`, and `bash`, which are common for CLI interactions but are not instructed to be used maliciously. While a JWT token is stored locally at `~/.cardpointers/config`, there are no instructions for the AI agent to read, exfiltrate, or otherwise misuse this file. The `CARDPOINTERS_API` environment variable is documented as an override, but no malicious endpoint is specified or instructed to be used. There is no evidence of prompt injection attempts, data exfiltration, persistence mechanisms, or other malicious intent within the provided files.
- External report
- View on VirusTotal