Back to skill
Skillv0.2.1
VirusTotal security
ClawUsage Windows Hardlock · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:53 AM
- Hash
- 279f71d4222b3091ea38ca28e07ea1d65b5bc316fe67c0736fcc5f6d0a8fbf96
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawusage-windows-hardlock Version: 0.2.1 The skill implements several high-risk behaviors that, while aligned with its stated purpose of monitoring usage, constitute a significant attack surface. Specifically, 'openclaw-usage-monitor.ps1' programmatically extracts Bearer tokens from the user's 'auth-profiles.json' to make direct HTTPS requests to 'chatgpt.com', and 'clawusage.ps1' establishes persistence by installing a Windows Scheduled Task ('ClawUsageAuto') to run background workers. While no clear evidence of data exfiltration to unauthorized third parties was found, the automated handling of credentials and system-level persistence mechanisms warrants a suspicious classification.
- External report
- View on VirusTotal