Back to skill
Skillv1.0.1
VirusTotal security
clawnedhub - Scan and Security your OpenClaw Instances · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 4:30 AM
- Hash
- 88abbd32feab6f3266f313c4749d393265be00b08e3fc30765c0a1dd00cf4849
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: clawnedhub Version: 1.0.1 The OpenClaw AgentSkills bundle 'clawnedhub' is a security agent designed to inventory, analyze, and sync security results of installed skills to a dashboard. Its behavior, as described in SKILL.md and implemented in scripts/agent.py, is consistent with its stated purpose. The agent makes network calls to `https://api.clawned.io` to register itself (sending hostname and OS) and to sync skill metadata. During an explicit 'scan' command, it collects and sends skill source file contents (excluding .env files) for security analysis, as clearly documented. The `SKILL.md` includes a benign prompt injection instruction for a cron job (`Run clawned sync to check all installed skills`), which aligns with the skill's function and does not attempt to manipulate the agent into malicious actions. No evidence of credential theft, unauthorized data exfiltration, persistence mechanisms outside of OpenClaw's documented cron, or RCE vulnerabilities were found. The included `detection-patterns.md` and `threat-model.md` are documentation files, not executable code, and reflect a security-conscious design rather than malicious intent.
- External report
- View on VirusTotal