Back to skill
Skillv1.3.7
VirusTotal security
Claw Store 1.3.3 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:46 AM
- Hash
- 399f69afd6c8c873d1183d55b1cf8b10e625777ff712559d2ba3d6eeda211fd9
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: claw-store Version: 1.3.7 The claw-store skill bundle provides a decentralized memory persistence layer for AI agents using the Jackal Protocol. Analysis of client.py and jackal-client.js confirms that all data is encrypted client-side using AES-256-GCM before transmission, and sensitive credentials like the BIP39 mnemonic and encryption keys are stored locally with restricted (0600) permissions. The SKILL.md instructions include proactive security guidelines, explicitly forbidding the agent from asking for or logging secrets in chat. The use of a Railway-hosted API (web-production-5cce7.up.railway.app) is limited to storage provisioning and usage tracking, with no evidence of private key exfiltration or malicious execution.
- External report
- View on VirusTotal