Back to skill
Skillv0.2.1
VirusTotal security
OpenClaw Output Metrics Footer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 7:46 PM
- Hash
- 26fd4f8121bb21fffd8e2d00ebbc87e5362202a4c90f73b2dc5a5ca25047e28c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-output-metrics-footer Version: 0.2.1 The skill's extension (index.ts) programmatically accesses the OpenClaw credential store at '~/.openclaw/agents/main/agent/auth-profiles.json' to extract OAuth access tokens. While this is used for the stated purpose of fetching usage metrics from 'https://chatgpt.com/backend-api/wham/usage', the direct reading of sensitive authentication files and the use of those tokens in network requests constitutes a high-risk behavior that could be repurposed for data exfiltration.
- External report
- View on VirusTotal