Back to skill
Skillv0.1.0
VirusTotal security
Clawctl · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:38 AM
- Hash
- 476d2a0979891c8c194fd9a319334ed965ce17af9563b853486151a8290ccc14
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: clawctl Version: 0.1.0 The OpenClaw AgentSkills skill bundle 'clawctl' is a coordination layer for agent fleets, utilizing a local SQLite database and an optional Flask web dashboard. The code demonstrates strong security practices, including parameterized SQL queries in `clawctl/db.py` to prevent SQL injection, HTML escaping in `dashboard/index.html` to mitigate XSS, and controlled execution of the dashboard server via `subprocess.Popen` in `clawctl/cli.py` with fixed arguments. Data is stored locally in user-owned directories (`~/.openclaw/clawctl.db`, `~/.openclaw/.clawctl-token`), and there is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. All functionalities are aligned with the stated purpose of a local coordination tool.
- External report
- View on VirusTotal