Skill v2.0.0

VirusTotal security

Proposal Copilot · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 5:09 AM
Hash: ab5a218eb0a0a3bda8e1fac42da87af20798ab2aebd532c12e8b4d2b8ad56528
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: proposal-copilot
Version: 2.0.0

The skill contains a hardcoded API key (`sk_2842...`) and performs external network requests to a third-party billing service (skillpay.me) in `index.js`. While these actions are described in the `SKILL.md` instructions, the use of hardcoded credentials and the transmission of user identifiers to an external endpoint are high-risk practices. Furthermore, the code contains significant logic errors, such as a parameter mismatch in the `handle` function and a `charge` routine that is defined but never actually executed, suggesting either a poorly implemented or deceptive billing mechanism.