Back to skill
Skillv0.1.1
VirusTotal security
WebChat HTTPS Proxy · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 5:51 AM
- Hash
- a654cecb53bce1b365458b40f761661e74834686f54920977a86b8f0d6093c9e
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: webchat-https-proxy Version: 0.1.1 The skill implements an HTTPS/WSS reverse proxy for the OpenClaw WebChat UI with a strong focus on security. Key features include SSRF protection (restricting upstream connections to localhost), path traversal protection for static file serving using realpath validation, and constant-time authentication token validation (hmac.compare_digest). The scripts (deploy.sh, uninstall.sh) and the Python server (https-server.py) follow best practices, such as enforcing TLS 1.2+, implementing upload/response size limits, and setting restrictive file permissions (0600) on generated private keys. No indicators of malicious intent or data exfiltration were found.
- External report
- View on VirusTotal