Back to skill
Skillv0.1.0
VirusTotal security
Discord Output Metrics Footer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 5:26 PM
- Hash
- 3fd3da6aabbbff55438b4f0c89c28a6d2378b93fe9ad12713bd7dfad1e48d532
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: discord-output-metrics-footer Version: 0.1.0 The extension logic in `assets/extension-template/index.ts` reads the sensitive OpenClaw `auth-profiles.json` file to extract OAuth access tokens. These tokens are then used to make external network requests to `https://chatgpt.com/backend-api/wham/usage` to fetch quota metrics. While this behavior is consistent with the stated purpose of displaying a metrics footer, the direct programmatic access to the application's primary credential store and the transmission of OAuth tokens to an external endpoint represent a high-risk pattern.
- External report
- View on VirusTotal