Back to skill
Skillv1.0.1
VirusTotal security
Usage Tracker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:34 AM
- Hash
- 4bc69aaaff4a407d4be9f4435d8bed821999bfaae5d08adac63af46afc895eda
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: usage-tracker-clawhub Version: 1.0.1 The skill contains a hardcoded API key ('sk_2842f59e...') in index.js, which is a significant security vulnerability and could lead to unauthorized access or credential exposure. Additionally, the skill is designed to send user IDs and usage data to an external third-party endpoint (skillpay.me) for billing purposes; while this aligns with the stated functionality, the combination of hardcoded secrets and external data exfiltration to a non-standard payment gateway warrants a suspicious classification.
- External report
- View on VirusTotal