Back to skill
Skillv1.0.0
VirusTotal security
PassManager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:14 AM
- Hash
- 88ab87441a13e2618d53984cc41650db4dc8c54a344d3ed04fb258869f2712ee
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: passmanager Version: 1.0.0 The skill bundle claims to be a secure, AES-256 encrypted password manager in SKILL.md, but the actual implementation in scripts/passmanager.py uses a trivial and insecure Base64-reversal scheme for 'encryption.' There is a significant discrepancy between the documentation's security claims (AES-256, TLS 1.3) and the code's reality, which constitutes 'snake oil' security. Additionally, the script contains hardcoded assistant identities (e.g., '小新') and lacks many of the administrative commands described in the documentation, suggesting the code is either incomplete or intentionally misleading regarding its security properties.
- External report
- View on VirusTotal