Back to skill
Skillv1.0.0
VirusTotal security
AI Shield — OpenClaw Security Audit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:26 AM
- Hash
- 861495dc8878eb69b520feca3018e588ffbbbc37d2978af48f98537c024f7736
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-shield-audit Version: 1.0.0 The skill is designed to perform security audits of OpenClaw configurations, which inherently involves accessing sensitive data. The `SKILL.md` explicitly instructs the AI agent to `cat ~/.openclaw/openclaw.json`, and `bin/shield.js` uses `execSync('openclaw config.get')` to retrieve live configuration, both of which are high-privilege actions that handle potentially sensitive information (API keys, tokens, etc.). While the stated purpose is beneficial (auditing for secret leaks and vulnerabilities) and a `sanitize` function is provided, the direct instruction to access sensitive files and the use of `execSync` for configuration retrieval, without clear evidence of exfiltration, classify it as suspicious due to the inherent risks associated with such powerful capabilities.
- External report
- View on VirusTotal