Back to skill
Skillv2.1.3
VirusTotal security
Skill Auditor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:14 AM
- Hash
- 6d79688d98442d60da3454bb23e375e04d407373d6fabbe17010df6d879ef479
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: skill-auditor Version: 2.1.3 The OpenClaw AgentSkills skill bundle 'skill-auditor' is a security scanner designed to detect malicious behavior in other skills. Its code and documentation consistently align with this stated purpose. All seemingly 'risky' capabilities, such as file system access, network requests, shell execution, and LLM interaction, are implemented to analyze and audit other skills, not to perform malicious actions against the user or the OpenClaw agent. For example, `scripts/analyzers/static.js` defines extensive regex patterns to detect prompt injection, data exfiltration, and persistence mechanisms, but these patterns are used for detection, not execution by the auditor itself. The setup script creates benign shell hooks to automate scanning of newly installed skills, providing user control over warnings. There is no evidence of intentional harmful behavior by this skill.
- External report
- View on VirusTotal