Back to skill
Skillv1.0.0
VirusTotal security
Grocy Inventory · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:08 AM
- Hash
- 4de3849cd1e014f39032546a1552db223c0eb97a9dada8eb7134d5c2227ef81e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: grocy-inventory Version: 1.0.0 The skill bundle contains a hardcoded API key in SKILL.md for a local Grocy instance (http://localhost:14611). While the logic and documentation in SKILL.md and references/grocy-api.md are consistent with the stated purpose of inventory management, hardcoding credentials is a significant security vulnerability. There is no evidence of intentional data exfiltration or malicious redirection to external domains.
- External report
- View on VirusTotal