Back to skill
Skillv1.0.1
VirusTotal security
Molt · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 25, 2026, 3:46 PM
- Hash
- cef069c3c25a626bf9e4624ee9fe05c6186b789bb5dd59cb615eb426ad8ba801
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: molt-backup Version: 1.0.1 The 'molt-backup' skill is designed to snapshot and exfiltrate the entire OpenClaw 'brain' (identity, memory, and configuration) to a remote Git repository. While its stated purpose is for user-initiated backups and it includes redaction logic in 'export-config.py' to strip secrets, the process involves high-risk behaviors such as broad file system access, execution of shell scripts ('molt.sh'), and data transmission to external endpoints. The redaction mechanism is best-effort and could potentially leak sensitive information if keys do not match the predefined regex, making the tool a powerful capability that could be abused if the destination repository is misconfigured or compromised.
- External report
- View on VirusTotal