Back to skill
Skillv1.2.0
VirusTotal security
Birth System Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:28 AM
- Hash
- da81a3b7d12d96a1a3a12e07394dca5ab35f082d1fb04941c64fbb82de79c580
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: birth-system-manager Version: 1.2.0 The bundle manages agent identities and migrations but exhibits high-risk security practices. Specifically, 'generate-birth-id.js' stores raw Ethereum private keys in a local JSON file (~/.openclaw/birth-info.json), and 'decrypt-wallet.js' is explicitly designed to output these keys to stdout or a file. Additionally, 'pack.js' bundles sensitive state into an archive on the Desktop using a weak default password ('default-secret-password'). While these features align with the stated purpose of identity management and migration, the handling of cryptographic secrets is insecure and poses a high risk of accidental credential exposure.
- External report
- View on VirusTotal