Back to skill
Skillv1.0.1
VirusTotal security
Gumroad Analytics · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:11 AM
- Hash
- 0551a9d7f67430c7cdf45fef7f2f88ee629bf9defa40d9dd841b7cff906255d8
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: gumroad-analytics Version: 1.0.1 The skill bundle is benign. It fetches Gumroad analytics data, processes it, and stores summaries locally in the designated 'memory' directory. Credentials are read from a specified local file (`~/.config/gumroad/credentials.json`). The `SKILL.md` instructions are clear and do not contain prompt injection attempts. The `fetch_metrics.sh` script uses `curl` to interact with the legitimate Gumroad API (`api.gumroad.com`) and includes a Python script to redact PII (email, name) from raw sales data before optional storage, demonstrating a privacy-conscious design. No evidence of data exfiltration to unauthorized endpoints, persistence mechanisms, or other malicious behaviors was found.
- External report
- View on VirusTotal