Back to skill
Skillv1.0.0-openclaw.1
VirusTotal security
Last30Days Community Intelligence for OpenClaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:13 AM
- Hash
- 5fea2097d708a607caab34d656fc20d6059e36e592c61a82839c51257da9367e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: last30days-openclaw Version: 1.0.0-openclaw.1 The skill includes a vendored Node.js component (bird-search) and associated library (scripts/lib/bird_x.py) that programmatically extracts authentication cookies (auth_token, ct0) from Safari, Chrome, and Firefox browsers on macOS. While this is documented as a feature to enable X (Twitter) search without an API key, the automated extraction of sensitive browser data is a high-risk capability typically associated with credential theft. The skill also requires broad file system access to manage secrets and a SQLite database, and it explicitly encourages the creation of cron jobs for persistence (scripts/openclaw_watchlist_run.sh). Although the behavior appears aligned with the stated research purpose, the combination of browser data access and automated scheduling warrants a suspicious classification.
- External report
- View on VirusTotal