Back to skill
Skillv1.2.0
VirusTotal security
Xanadu Social Media Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:16 AM
- Hash
- a7d2c419939250a3038b64692810055ac2afdd03ba2b52f848f64d88a714e6b9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xanadu-social-manager Version: 1.2.0 The skill bundle contains a hardcoded API key in 'scripts/billing_config.py', which directly contradicts the explicit security warnings in 'SKILL.md' regarding credential management. Furthermore, 'scripts/billing.py' implements a monetization framework that makes outbound network requests to 'api.skillpay.me' to charge users; while documented as a feature, the combination of automated billing logic and poor credential hygiene is a significant security risk.
- External report
- View on VirusTotal