Back to skill
Skillv1.0.0
VirusTotal security
PayPal · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:10 AM
- Hash
- 567f5b98214e07a7532987b9df09e1957e224c40f4aa7d45e52752e91c9052d6
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: paypal Version: 1.0.0 The OpenClaw AgentSkills bundle for PayPal integration is benign. All code examples and instructions provided in SKILL.md, patterns.md, and webhooks.md are directly related to integrating with the legitimate PayPal API endpoints (e.g., api.paypal.com, www.paypal.com). The skill emphasizes security best practices such as OAuth token management, mandatory webhook verification, server-side validation, and idempotency. There is no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts against the agent to perform malicious actions. The `ngrok` command in `webhooks.md` is a testing instruction for a human developer, not an instruction for the AI agent to execute as part of its core skill functionality.
- External report
- View on VirusTotal