Skill v0.3.1
VirusTotal security
openclaw-tally · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Benign (Apr 30, 2026, 4:28 AM)
- Hash: 42470545e518cc8f0391398d241c19a39df3eacac835a3906dae886c98d78cf9
- Source: palm
- Verdict: benign
- Code Insight: Type: OpenClaw Skill; Name: openclaw-tally; Version: 0.3.1. The OpenClaw Tally skill is classified as benign. The code and documentation consistently declare and enforce strict security boundaries, including no network access, no arbitrary `exec` permissions, and sandboxed filesystem writes limited to `~/.openclaw/tally/`. All database interactions in `src/ledger.js` use prepared statements, effectively preventing SQL injection. Path validation in `src/ledger.js` explicitly restricts database file creation to allowed directories, mitigating arbitrary file write vulnerabilities. The `SKILL.md` and `README.md` are straightforward documentation without any prompt injection attempts against the agent. While `better-sqlite3` is a native dependency, it is a legitimate and widely used library for SQLite in Node.js, and its use does not indicate malicious intent within this skill.
- External report: View on VirusTotal
