Back to skill
Skillv1.0.1
VirusTotal security
Runstr analytics · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:08 AM
- Hash
- be929120306b6f2e6e9e7910febcc023889071b5e3adcf0c32037342580eb0e6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: runstr-analytics Version: 1.0.1 The skill handles highly sensitive Nostr private keys (nsec) and decrypted personal fitness/journal data, which are high-risk behaviors. While the documentation in SKILL.md and scripts/analyze_extended.py claims to handle the nsec securely via stdin to prevent exposure in process lists, the implementation actually accepts the nsec as a command-line argument in all Python scripts and the daily_update.sh script, creating a significant information exposure vulnerability. Additionally, the skill lists 'requests' as a dependency in _meta.json and SKILL.md but never utilizes it in the code, and it sets up persistence via a cron job (setup_cron.sh) to automate data fetching and local caching in a SQLite database.
- External report
- View on VirusTotal