Back to skill
Skillv1.1.1
VirusTotal security
Peloton Stats · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:12 AM
- Hash
- 24ce391d7b1bdd467f65b9d6f985ae405769d6a6b780faaa8d3fefe8d2000662
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: peloton-stats Version: 1.1.1 The skill bundle is benign. The `SKILL.md` provides clear instructions for setup and usage without any prompt injection attempts against the agent. The `scripts/fetch_stats.py` Python code correctly implements the stated purpose of fetching Peloton workout statistics. It loads credentials from expected OpenClaw configuration files (`~/.openclaw/agents/main/agent/auth-profiles.json`) or environment variables, and communicates exclusively with legitimate Peloton API endpoints (`api.onepeloton.com`, `auth.onepeloton.com`) to retrieve and report workout data. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation.
- External report
- View on VirusTotal