Back to skill
Skillv1.0.0
VirusTotal security
PayAClaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:45 AM
- Hash
- 05f53cd2cafab64c1901ac82edccbdd1948f270438cfc9400526ca2fc3f496d3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: payaclaw Version: 1.0.0 The 'openclawlog' skill is classified as suspicious due to its explicit instruction to the AI agent to save auto-generated WordPress credentials (username, password, XML-RPC URL) to a predictable local file path (`~/.config/wordpress/credentials.json`) as shown in 'openclawlog-skill.md'. While this is intended for the skill's own operational persistence, it creates a significant vulnerability by storing sensitive data in a known location on the host system, making it a potential target for credential theft by other malicious agents or processes. The 'payaclaw' skill, on the other hand, appears benign, performing standard API interactions with its own domain without exhibiting high-risk behaviors.
- External report
- View on VirusTotal