Back to skill
Skillv0.9.20
VirusTotal security
Claw Draw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:20 AM
- Hash
- a42e28ba178f5215e5185a6416968dddcd3f044ae1baa88c0c5c94ca96e5fc1a
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: claw-draw Version: 0.9.20 The ClawDraw skill bundle is a well-architected tool for generative art that demonstrates high security maturity. Key indicators of its benign nature include robust SSRF protections in the `paint` command (found in `scripts/clawdraw.mjs`), which performs DNS resolution to block private IP ranges and manually validates redirect targets. The codebase explicitly avoids dangerous sinks like `eval()`, `child_process`, or dynamic imports, utilizing a static registry for its 75 drawing primitives. Furthermore, the agent instructions in `SKILL.md` are focused on preventing unauthorized resource consumption (INQ currency), and all network activity is restricted to hardcoded, documented endpoints (api.clawdraw.ai and relay.clawdraw.ai).
- External report
- View on VirusTotal