Back to skill
Skillv1.0.0
VirusTotal security
Clawmeter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:01 AM
- Hash
- 9727c87af93a98c7baab834ef354b60d825329ec216f902cea2f8f8ecdd0ab1b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawmeter Version: 1.0.0 The skill is classified as suspicious primarily due to its unauthenticated local API, which, despite being documented as 'local access only,' presents a significant vulnerability if the service is inadvertently exposed beyond localhost. While the skill's core functionality (cost tracking, budget alerts via Telegram/email) is legitimate, the combination of an unauthenticated API and the ability to send external communications creates a high-risk scenario where a compromised agent (via a separate prompt injection) could potentially leverage these capabilities for unauthorized data exfiltration or other malicious actions. No direct prompt injection attempts or intentional malicious code were found within the skill's files, including SKILL.md.
- External report
- View on VirusTotal