Back to skill
Skillv1.0.0
VirusTotal security
Claw-Value-Judge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 6:14 AM
- Hash
- 937e0d28e3c3df94367e7925c6a3558a60da8c9163ae4d6be68afdf788d9ae52
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claw-value Version: 1.0.0 The skill bundle is designed to evaluate OpenClaw usage by parsing local logs and configuration files. It is classified as suspicious due to a DOM XSS vulnerability in 'web/index.html' (via the 'clawJudge' URL parameter) and risky file access logic in 'lib/image_generator.py'. Specifically, the image generator uses a broad regular expression to extract API keys from '~/.openclaw/workspace/TOOLS.md', which could inadvertently capture and expose unrelated sensitive credentials. While these behaviors are aligned with the tool's stated purpose of gamified system evaluation, the lack of input sanitization and the potential for credential exposure present a meaningful security risk.
- External report
- View on VirusTotal