Skill v1.0.4

VirusTotal security

OpenClaw BaseCred SDK · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Benign · May 1, 2026, 3:49 AM
Hash
647fbc08db0ef8b170c8bbf7d7a3d6452f237c5ee1ffcc8af02811e67ec650a3
Source
palm
Verdict
benign
Code Insight
Type: OpenClaw Skill
Name: openclaw-basecred-sdk
Version: 1.0.4

The skill is classified as benign. While the `CHANGELOG.md` and `README.md` transparently disclose past critical vulnerabilities, including accidentally leaked API keys and a non-portable hardcoded user path, these issues have been thoroughly remediated. The current code in `scripts/lib/basecred.mjs` securely loads credentials using `os.homedir()` and `path.join()` to `~/.openclaw/.env`, preventing directory traversal. Input validation for Ethereum addresses is present, and the skill's network access to Ethos, Talent Protocol, and Neynar APIs is directly aligned with its stated purpose of fetching public reputation data. There is no evidence of intentional malicious behavior, data exfiltration beyond stated purpose, or harmful prompt injection against the agent in the current version.