Back to skill
Skillv1.0.1
VirusTotal security
FGO Invoicing · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:40 AM
- Hash
- 16984ba256ab0dfadbc9f12356247cd129004ec1063a4f9d0b385ff613b6e526
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: fgo-invoicing Version: 1.0.1 The skill is designed for legitimate FGO.ro API interactions, handling invoice creation and management. It demonstrates strong security awareness through explicit prompt injection defenses in `SKILL.md` and robust path validation in `scripts/fgo_cli.py` (`_safe_input_path`), which restricts file access to `.json` files within allowed OpenClaw directories. Sensitive API keys (`FGO_CHEIE_PRIVATA`) are handled appropriately (read from environment/args, used for hashing, not directly logged). The workflow emphasizes user confirmation for high-impact actions (`--dry-run`, `--allow-final`), and all network calls are directed to the FGO API, with no evidence of malicious external communication or persistence mechanisms.
- External report
- View on VirusTotal