Back to skill
Skillv1.0.0
VirusTotal security
RUNSTR Fitness · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:31 AM
- Hash
- 58a22da394c7c4f966f24f75f79fb65d7bcaa5770d73a095f784e4386cfc269a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: runstr-fitness Version: 1.0.0 The skill requires the user to provide their highly sensitive Nostr private key (nsec) to the AI agent for decrypting fitness data. While the skill explicitly states the nsec is not stored, logged, or transmitted, and the provided code snippets (using `nak` and a Node.js script in SKILL.md) show it being used locally for decryption, the handling of such a critical credential by an AI agent is a significant security risk. There is no clear evidence of malicious intent like exfiltration or persistence, but the inherent risk of processing a private key warrants a 'suspicious' classification.
- External report
- View on VirusTotal