Back to skill
Skillv1.0.0
VirusTotal security
local-config-model-recommender · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:06 AM
- Hash
- 3411ef1e31a6126c69c568f0cf7af906fa996ede5dbe44d15cc9976b546c4901
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: local-config-model-recommender Version: 1.0.0 The skill instructs the AI agent to read and parse the user's local configuration file (~/.openclaw/openclaw.json) in SKILL.md. This file is highly sensitive as it typically contains API keys and provider credentials for various AI services. While this access is plausibly needed to determine which models are available for recommendation, the broad instruction to read the entire config file poses a significant risk of exposing secrets within the agent's context. No explicit evidence of data exfiltration or malicious intent was found, but the behavior is high-risk.
- External report
- View on VirusTotal