Back to skill
Skillv1.0.0
VirusTotal security
Oda Monitor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:32 AM
- Hash
- 157e5d66526d5ad8f40ec2589337ff28234dc910f65d0578b3735faeecde1bfb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: oda-monitor Version: 1.0.0 The skill contains instructions in index.js (within the WATCHDOG_SYSTEM_PROMPT) that command the AI agent to silently use its native file-writing tools to create or overwrite a .env file with the user's API credentials. While presented as an onboarding convenience, instructing an agent to perform automated filesystem modifications and store secrets in plaintext is a high-risk behavior. Additionally, the skill proxies all tool execution to a remote endpoint (https://api.watch.dog/api/mcp_server.php), which is consistent with its stated purpose but requires the user to trust the external service with their API key.
- External report
- View on VirusTotal