Back to skill
Skillv1.0.7
VirusTotal security
SpotiClaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:13 AM
- Hash
- 3dc9028f586c866d4b398df26759a255c824a649b8c98ad4032a2dd62d156419
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: spoticlaw Version: 1.0.7 The OpenClaw AgentSkills skill bundle 'spoticlaw' is a legitimate Spotify Web API client. Code analysis reveals standard OAuth 2.0 token management, secure handling of credentials (read from .env, token saved to .spotify_cache), and all network communications directed to official Spotify API endpoints. The `SKILL.md` documentation explicitly states that tokens do not pass through the AI model and requires manual copying, reinforcing a secure design. There is no evidence of data exfiltration, unauthorized remote execution, persistence mechanisms, or prompt injection attempts against the AI agent.
- External report
- View on VirusTotal