Back to skill
Skillv1.0.1
VirusTotal security
Wallabag · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:23 AM
- Hash
- 0cc3ef6bfde91b80ccde1cf2d5423258218e2b7e5cba9a383ae1cd6d64a6ea81
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: wallabag Version: 1.0.1 The skill is designed to manage Wallabag bookmarks via its API. It correctly handles sensitive credentials by requiring them as environment variables and explicitly states that tokens are kept in-process and not persisted to disk. The `scripts/wallabag.sh` uses `curl` for all network interactions and appears to safely construct API requests, mitigating common shell injection risks by passing user inputs as values to `--data-urlencode` or as structured path components. No evidence of data exfiltration to unauthorized endpoints, persistence mechanisms, obfuscation, or prompt injection against the agent was found in any of the files.
- External report
- View on VirusTotal