Back to skill
Skillv1.0.0
VirusTotal security
Tweet Pipeline · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:21 AM
- Hash
- 0428d91c574596156f97d341da041a6e1f7d1a8950ea4f65b2a535edb89b90b6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tweet-pipeline Version: 1.0.0 The skill contains hardcoded absolute paths to a specific user's home directory (/Users/loki/) and attempts to read sensitive credentials from the host filesystem, specifically ~/.xurl and ~/.config/openclaw/.op-service-token. It relies on the 1Password CLI (op) to fetch secrets, which is a high-privilege operation. While these behaviors appear intended for a specific personal automation setup, the hardcoded environment dependencies and the practice of accessing sensitive files outside the workspace are risky. Additionally, scripts/tweet_post_one.py contains broken logic with undefined variables (refresh, user, xurl_path) in its token refresh function.
- External report
- View on VirusTotal