Back to skill
Skillv1.0.0
VirusTotal security
password-manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 24, 2026, 1:27 PM
- Hash
- 32096de66b1617bfe5051d419a105b20a6eef79816cc6db512f3a61c17fe618a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: password-manager-pro Version: 1.0.0 The skill bundle implements a password manager that stores all user credentials in plain text in a predictable local file (~/.workbuddy/data/passwords.json). While the documentation in SKILL.md and README.md explicitly acknowledges the lack of encryption, this design represents a critical security vulnerability that facilitates credential theft by any local process. No evidence of intentional data exfiltration or hidden backdoors was found in the provided code (scripts/password_manager.py and scripts/password_generator.py), but the high-risk nature of the data handled combined with the absence of basic security controls warrants a suspicious classification.
- External report
- View on VirusTotal