Back to skill
Skillv1.0.0
VirusTotal security
Smart Memory · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:50 AM
- Hash
- 680c2acc04e5fb72115095943c57de85c96e84de0c81f98c0d6a838be5538d90
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openjaw-smart-memory Version: 1.0.0 The skill is classified as suspicious due to the explicit instruction in `SKILL.md` to the AI agent to store 'API keys (stored locally only)' in plain JSON files. While the `memory-manager.sh` script itself does not exfiltrate this data and uses `jq --arg` to prevent direct shell injection into its commands, storing sensitive credentials in an unencrypted local file is a significant security vulnerability. This creates a high-risk prompt injection surface, as a compromised agent or a malicious user prompt could later instruct the agent to retrieve and misuse these stored keys, even if the skill's author intended for local-only storage.
- External report
- View on VirusTotal