Back to skill
Skillv1.0.3
VirusTotal security
DocClaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:08 AM
- Hash
- fdde77c5635cf97af6b2ca0b53153cb5a011dc32948a9f5fcbbe9c3e4f369b57
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: docclaw Version: 1.0.3 The DocClaw skill is designed with a strong focus on security. Its Python scripts (`fetch_doc_markdown.py`, `refresh_docs_index.py`) implement multiple layers of validation to strictly enforce network fetches only from `https://docs.openclaw.ai`, preventing URL injection and off-domain data retrieval. The `SKILL.md` explicitly outlines security constraints for the agent, such as not passing full URLs and re-validating index-derived URLs. The `smoke_test.py` includes specific tests to ensure these security controls are effective against malicious index entries. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent within the skill's content. The use of `rg` for local search is a capability, not a vulnerability within the skill itself, as the skill does not provide a vector for malicious input.
- External report
- View on VirusTotal