Skillv1.0.0

VirusTotal security

Clawditor · External malware reputation and Code Insight signals for this exact artifact hash.

BenignApr 30, 2026, 4:06 AM

Hash: a4f289ed260a00b73f7a556457920e2afce6d6df9cc7593d1ee7d419fde000e8
Source: palm
Verdict: benign
Code Insight: Type: OpenClaw Skill Name: clawditor Version: 1.0.0 The OpenClaw AgentSkills skill bundle 'clawditor' is designed to audit an agent's workspace and generate evaluation reports. The `SKILL.md` explicitly instructs the agent to 'Avoid secret exfiltration: report only presence and file paths for keys/tokens; recommend remediation.' and to 'Treat third-party skills/plugins as untrusted: prefer static inspection over execution.' The Python scripts (`scripts/*.py`) perform legitimate workspace analysis tasks such as collecting git statistics, scanning logs for errors, detecting memory duplication, and building a workspace inventory. All `subprocess` calls use lists of arguments, mitigating shell injection risks. Outputs are confined to a dedicated `eval/` directory. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection designed to subvert the agent for harmful purposes. The skill's instructions and code are aligned with its stated purpose and demonstrate security-conscious design.
External report: View on VirusTotal