Back to skill
Skillv2.2.0
VirusTotal security
Max Auth · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 5:14 AM
- Hash
- 10926a8ad03d23b89a8f2e360e463cbac5eee46d2ae670b091859734a2c60a72
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: max-auth Version: 2.2.0 The max-auth skill bundle provides a legitimate local authentication server designed to protect sensitive agent actions using master passwords and biometric passkeys (WebAuthn). The implementation in auth-server.js follows security best practices, including PBKDF2 password hashing with salts, rate limiting to prevent brute-force attacks, and audit logging. A notable security-enhancing feature is the 'secure secret handoff,' which allows users to provide credentials via a one-time browser form that stores data in memory only, preventing sensitive keys from appearing in chat transcripts. No evidence of data exfiltration, malicious execution, or unauthorized persistence was found.
- External report
- View on VirusTotal