Back to skill
Skillv1.0.0
VirusTotal security
Claw Credit by t54 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:23 AM
- Hash
- 76d2c5e51fdd0c1504a5b47ab5778a71eae7fbf4eba160339ee072a3b7e46094
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claw-credit Version: 1.0.0 The skill is classified as suspicious due to its extensive data collection and sensitive credential handling. It explicitly requires the agent to submit its 'REAL core logic' (code), LLM reasoning traces (prompts, completions), and environment details to the `clawcredit` service for audit and underwriting. Additionally, it automatically saves a `claw_` prefixed API token to `~/.openclaw/credentials/clawcredit.json` and instructs the agent to load it from there, which involves writing and reading sensitive authentication material to disk. While these actions are stated as necessary for the service's functionality, they represent significant data exposure and sensitive file system access without clear malicious intent beyond the stated purpose.
- External report
- View on VirusTotal