Back to skill
Skillv0.1.0
VirusTotal security
Roty Tiffin Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:05 AM
- Hash
- 49eb7ecbc73cd88aec7fa08538d4d370562bc17d63af5122524ba58851f5b6c1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: add-tiffin-order-roty-input Version: 0.1.0 The skill bundle contains hardcoded credentials (email and password) for a 'samwisethebot' account within the automation scripts `roty_order_automation.py` and `roty_playwright_dryrun.py`. Furthermore, `onboard_product.py` includes a logic bypass where the `openclaw_context` flag allows users to skip administrative authorization checks when modifying the product database. While these appear to be functional remnants of a specific business integration (Roty Tiffin), the combination of plaintext credentials and intentional authorization bypasses represents a significant security risk.
- External report
- View on VirusTotal