Skill v1.0.0
VirusTotal security
OpenClaw Cost Auditor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:15 AM
- Hash: 5e66b0a630f0ce8d9392cf8e03d56fcb8d2b3394e679310c694731a220de89c0
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: openclaw-cost-auditor. Version: 1.0.0. The `scripts/audit.py` file is vulnerable to arbitrary file reading due to its direct use of `sys.argv[1]` for the `log_dir` without any input validation or sanitization. An attacker could potentially exploit this by providing a path to sensitive directories (e.g., `/etc`, `~/.ssh`) via prompt injection to the OpenClaw agent, leading to information disclosure. While the script itself does not exfiltrate data or exhibit other malicious behaviors, this vulnerability represents a significant security risk.
