Back to skill
Skillv1.0.0
VirusTotal security
OpenClaw Config Safety v2 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 18, 2026, 6:46 PM
- Hash
- 267a7b0b22b1b234fde560d5099078ad3c43adc548cafde7245336700dcaa4db
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: openclaw-config-safety Version: 1.0.0 The bundle provides a comprehensive utility for safely managing, validating, and normalizing OpenClaw configurations (openclaw.json). It features a 'config token' system for sharing configurations using environment variable placeholders (${REF}) rather than actual secrets, which are resolved locally via process.env or the 'pass' utility. While the code uses high-risk functions like execSync (in src/resolve-refs.js and src/doctor-check.js), it employs strict regex validation (REF_REGEX) to prevent command injection and includes explicit logic to avoid logging or exporting sensitive credential values. The behavior is entirely consistent with the stated purpose of preventing gateway crashes due to schema drift.
- External report
- View on VirusTotal