Back to skill
Skillv1.0.2
VirusTotal security
Valiron · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:30 AM
- Hash
- d8ebbdf0d43a55e7e717d22e8bb315b6d841af0323bf730729611ecc1ddb6f8b
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: valiron-trust-layer Version: 1.0.2 The skill bundle is designed to intercept and authorize payments using a trust SDK. The `SKILL.md` provides clear instructions without any prompt injection attempts. The core logic in `assets/payment-interceptor.ts` uses the `@valiron/sdk` for external trust lookups, which is its stated purpose, and implements a secure 'fail-closed' default on errors. The `scripts/validate-payment-policy.mjs` script safely reads and validates local JSON policy files, incorporating robust path traversal prevention, NUL byte checks, and file size limits, demonstrating a strong focus on security. All documentation files (`references/*.md`) consistently promote security best practices. There is no evidence of data exfiltration, malicious execution, persistence, or obfuscation.
- External report
- View on VirusTotal