Back to skill
Skillv1.1.1
VirusTotal security
Openclaw History Viewer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:25 AM
- Hash
- db572775d947d8e1f915d7e0bba392226c2936820a8840b561c4aa6b718137a2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-history-viewer Version: 1.1.1 The skill bundle provides a web-based viewer for OpenClaw chat history but contains significant security vulnerabilities and documentation discrepancies. While the functionality aligns with its stated purpose, `history_server.py` binds the web server to all network interfaces ('0.0.0.0'), directly contradicting the 'local access only' claim in `SKILL.md` and potentially exposing sensitive chat logs to the network. Furthermore, the server includes a session deletion feature (`/api/delete`) that lacks any authentication or CSRF protection, allowing for unauthorized data destruction. These flaws, while likely unintentional, constitute high-risk behaviors in a tool handling private conversation data.
- External report
- View on VirusTotal