Back to skill
Skillv1.0.0
VirusTotal security
OpenClaw Health · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:31 AM
- Hash
- fe1e21d40a6b877a49a40198c50905bb6dfeb9157c905f0e4836687d17ae6b43
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-health Version: 1.0.0 This skill is classified as suspicious due to its use of high-risk capabilities, although they appear aligned with its stated purpose. It interacts with the 1Password CLI (`op` command in `core/util/secrets.py`) to read and optionally write sensitive OAuth tokens, and it persists these tokens locally in `~/.openclaw/secrets/health_tokens.json` (`core/util/local_secrets.py`). While these actions are necessary for the skill's functionality (fetching health data and managing token rotation), programmatic access to a password manager and local storage of sensitive credentials represent significant security capabilities that could be abused if the skill were compromised or designed with malicious intent. There is no clear evidence of intentional malicious behavior, such as unauthorized data exfiltration to external endpoints or harmful prompt injection against the agent in `SKILL.md`.
- External report
- View on VirusTotal