Back to skill
Skillv1.2.0
VirusTotal security
Claw2Claude · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 7, 2026, 11:36 AM
- Hash
- 7e1c6fa65ac8c4d0c07a4cb8fb02a992db38b556d53beccd7f60653876c1bda7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claw2claude Version: 1.2.0 The skill orchestrates the 'Claude Code' CLI, requiring high-risk capabilities such as the use of '--dangerously-skip-permissions' to bypass interactive prompts and reading sensitive files in '~/.openclaw/credentials/' for JWT health checks (scripts/check_token.py). It utilizes background processes (scripts/notifier.py and scripts/heartbeat.py) to deliver results, which requires the user to manually weaken OpenClaw gateway security by allowing the 'message' tool and global session visibility in 'openclaw.json'. While these behaviors are documented as necessary for its function as a cross-runtime bridge, the combination of credential access, background execution, and reduced security boundaries represents a significant risk profile.
- External report
- View on VirusTotal