Back to skill
Skillv1.0.3
VirusTotal security
Drip Billing · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 5:00 AM
- Hash
- b9f9067f82cb02387df045340ec0093ca056329bf423f549d8a9edab335cdeae
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: drip-billing Version: 1.0.3 The OpenClaw AgentSkills skill bundle for 'drip-billing' is designed for usage tracking and billing, and its documentation (`SKILL.md`, `references/API.md`) is exceptionally transparent and security-conscious. It explicitly details what data is sent (usage quantities, customer IDs, sanitized metadata) and, crucially, what is NOT sent (raw prompts, secrets, environment variables, file contents). The skill repeatedly emphasizes using least-privileged API keys (`pk_` over `sk_`) and warns against including PII or secrets in metadata. While the MCP server integration allows an agent autonomous access to Drip tools, the documentation proactively highlights this and recommends using `pk_` keys to limit the blast radius. There is no evidence of intentional harmful behavior, obfuscation, or instructions for prompt injection against the agent to perform unauthorized actions; instead, it provides strong security guidance.
- External report
- View on VirusTotal