Back to skill
Skillv0.2.9
VirusTotal security
Clawkeep · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:19 AM
- Hash
- fea75ff48c1f270bc6b83e9a6c7e5e90a0229db1d51bab21590b0c77d23af27e
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: clawkeep Version: 0.2.9 The OpenClaw AgentSkills skill bundle for 'ClawKeep' is designed for legitimate version-controlled backups. It instructs the agent to install a global npm package (`clawkeep`), initialize workspaces, manage local and cloud backups, and run background daemons using `clawkeep` commands or `pm2`. All described actions, including extensive file system access, network communication (for cloud/S3 targets and web UI), and persistence, are directly aligned with the stated purpose of a backup solution. The skill's documentation (SKILL.md, clawkeep-cloud/SKILL.md, local/SKILL.md, s3/SKILL.md) explicitly details security features like AES-256-GCM encryption, zero-knowledge principles, client-side encryption, and secure handling of passwords (browser-based setup, keyless daemons). While S3 credentials are noted to be stored locally in `.clawkeep/config.json`, this is transparently disclosed as a design choice for the `clawkeep` tool's operation, not an attempt by the skill to exfiltrate data. There is no evidence of prompt injection attempts, obfuscation, or malicious intent within the skill bundle's instructions.
- External report
- View on VirusTotal