Back to skill
Skillv1.0.2
VirusTotal security
OpenClaw OpenAI Multi Account · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:30 AM
- Hash
- 5884b970faa18709949022694b8195691ed09c97dbb5521e18f0b01e03e4dd6b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-openai-multi-account Version: 1.0.2 The skill manages OpenAI OAuth tokens by reading/writing sensitive files in `~/.openclaw/` and transmitting them to a remote endpoint (`chatgpt.com`) to monitor usage. While these actions align with the stated purpose of account switching and the script uses restricted file permissions (0o600), the inherent risk of credential handling and the ability to override the usage URL via environment variables (`OPENCLAW_CODEX_USAGE_URL`) qualify it as suspicious under the review criteria. Furthermore, the script contains a `NameError` in `cmd_import_codex` (undefined `CODEX_ACCOUNTS_DIR`) and references specific local developer paths in `SKILL.md`, indicating potential quality issues or an incomplete state.
- External report
- View on VirusTotal