Back to skill
Skillv1.0.0
VirusTotal security
ClawReceipt · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:52 AM
- Hash
- 764539e55e04ebbfc0e5e2e27f276522690569b5fbd0148426dd3764c604a0a0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawreceipt Version: 1.0.0 The skill is primarily benign, designed for receipt management. However, it is classified as 'suspicious' due to a path traversal vulnerability in `src/db.py` within the `export_to_csv` and `export_to_excel` functions, which directly use an unsanitized `filename` argument. While the `src/tui.py` module (the only part of the skill that calls these functions) uses fixed, safe filenames, and `SKILL.md` explicitly advises the agent not to run the TUI, the underlying vulnerability exists. Additionally, the `requirements.txt` includes `python-dotenv`, which is not used in the provided code, but could be a vector for reading sensitive environment variables if implemented differently. There is no clear evidence of intentional malicious behavior, such as data exfiltration or persistence mechanisms.
- External report
- View on VirusTotal