Back to skill
Skillv1.0.3
VirusTotal security
Truclaw Biometric · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 16, 2026, 8:31 PM
- Hash
- 506ed2c3827ed533038189472eb7725910d957f2595c5551c4f9eb11c99b73d3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: truclaw-biometric Version: 1.0.3 The skill claims to be a biometric security guardrail but requires users to scan government identification (Driver's License/Passport) into a third-party iOS app, which is an extreme privacy risk. The logic described in SKILL.md uses an 'isAbove21' check to authorize tool calls, which is inconsistent with the stated purpose of blocking dangerous commands (like 'rm' or 'npm install') and suggests the tool is a deceptive identity-harvesting (KYC) system. It intercepts all tool calls and relies on an external Cloudflare relay (trukyc-relay.trusources.workers.dev) and a separate Anthropic API key.
- External report
- View on VirusTotal