Back to skill
Skillv2.5.13
VirusTotal security
ClawVault · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:15 AM
- Hash
- 1891f0ab99177de6ff6ea66be9b67aa74b726adb215f178f0a7fc5b603b8aa34
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: clawvault Version: 2.5.13 The OpenClaw AgentSkills bundle for ClawVault is classified as benign. The `SKILL.md` transparently declares its capabilities, including reading/writing files in a vault directory, modifying OpenClaw session transcripts (with backups), and making LLM API calls for 'observe' compression using an optional `GEMINI_API_KEY`. The `hooks/clawvault/handler.js` implements these features by executing the `clawvault` CLI tool using `child_process.execFileSync` with `shell: false`, which is a secure method that prevents shell injection. Furthermore, the handler includes extensive input sanitization for all data passed to CLI commands or injected into agent prompts, demonstrating a strong focus on security. Any prompt injection against the agent is for benign purposes, such as providing context or a memory checklist, and is carefully sanitized.
- External report
- View on VirusTotal