Back to skill
Skillv2.2.2
VirusTotal security
Clawdbot Security Check · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:06 AM
- Hash
- 1a449b5db11d02a05a783774787642aa5b026d3ee3a179ae827e6aac58e6d65c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill The skill's primary purpose is a legitimate 'read-only security audit'. However, there is a critical contradiction: the `skill.json` explicitly declares `"readOnly": true` and `"modifiesSettings": false`, while both `SKILL.md` and `README.md` describe a `--fix` flag that 'applies guardrail remediations' by modifying configuration files and permissions. This inconsistency is a significant vulnerability in the skill's self-description and could lead to unexpected agent behavior or a misrepresentation of its true capabilities, making it suspicious despite the otherwise benign intent of a security audit.
- External report
- View on VirusTotal