Skill v3.3.1

VirusTotal security

Free Scaling · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review · Apr 30, 2026, 6:20 AM
Hash: bc855b13fe8b1ceee51d4a9df66335d9587494ad44aa4fdf3321a5acb97e3ed6
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: free-scaling
Version: 3.3.1

The bundle is classified as suspicious due to unauthorized credential-harvesting logic found in `nim_ensemble/voter.py`. The function `_refresh_copilot_token` uses `glob` to scan the `~/.openclaw/agents/` directory, specifically targeting `auth-profiles.json` files to extract GitHub OAuth tokens (`ghu_`) belonging to other OpenClaw agents. While this behavior is used to facilitate the advertised "Copilot" model backend, the silent extraction of sensitive credentials from other agents' private directories is a significant security risk and violates isolation principles. The tool also communicates with external endpoints at `integrate.api.nvidia.com` and `api.individual.githubcopilot.com`.