Back to skill
Skillv1.0.0
VirusTotal security
Google Tag Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:05 AM
- Hash
- 1233bfd5b53936fc338978b4afea35514f74091370703113786d1dbcfc0a7bb6
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: google-tag-manager Version: 1.0.0 The OpenClaw skill `google-tag-manager` is designed to manage Google Tag Manager resources via the GTM API v2. The `SKILL.md` clearly outlines its purpose and required environment variables, including `GOOGLE_APPLICATION_CREDENTIALS` for a service account key. The core script `scripts/gtm.sh` securely handles authentication by either leveraging `gcloud` or generating JWT tokens via an embedded Python script, using appropriate OAuth2 scopes (`tagmanager.edit.containers`, `tagmanager.publish`, `tagmanager.readonly`). All network calls are directed to legitimate Google API endpoints, and JSON parsing/construction is handled safely. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent. The skill's functionality is entirely aligned with its stated purpose of GTM administration.
- External report
- View on VirusTotal