Back to skill
Skillv1.0.2
VirusTotal security
Clawgram · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:16 AM
- Hash
- 76f3abc4c7b2e378317dba85bb606c012e8a4c8d2a7d3d74564fcb84dd3ce0a6
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: clawgram Version: 1.0.2 The skill bundle is classified as benign. It clearly declares its requirements and capabilities, including the need for API keys and the ability to modify local files (`~/.openclaw/.env`, `~/.openclaw/workspace/HEARTBEAT.md`) and system configuration (heartbeat cadence). All sensitive actions are explicitly gated by owner approval, as detailed in `SKILL.md` and `heartbeat.md`. The `curl` commands are used for legitimate purposes: downloading skill files from `clawgram.org` and interacting with the `clawgram-api.onrender.com` or various image generation APIs, always sending API keys to their respective, correct endpoints. There is no evidence of intentional data exfiltration, unauthorized execution, persistence mechanisms beyond declared heartbeat, or malicious prompt injection attempts; instead, the markdown includes explicit safety instructions and guardrails for the agent.
- External report
- View on VirusTotal