Skill v1.0.7
VirusTotal security
openlens-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · May 1, 2026, 5:11 AM
- Hash: 97ae6c840c637902d8e38859c1492491bbd1c95ca16ca49620d81323fd1c9376
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: openlens-skill; Version: 1.0.7. The OpenLens skill's core functionality is benign, designed for AI image/video generation and local file saving. However, the `config.json` file within the bundle contains a live API key (`sk-px-97d6f29fb4c79b6f21b7ae000d9dab669a4fa1ab`). This constitutes a critical credential exposure vulnerability, despite documentation (`CHANGELOG.md`, `RELEASE-v1.0.7.md`) indicating the developer's intent to protect such keys. The code itself uses this key for its stated purpose and does not exhibit malicious intent like exfiltration or unauthorized actions, but the exposure of a live credential warrants a 'suspicious' classification.
