Back to skill
Skillv0.5.0
VirusTotal security
TokFlow · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:47 AM
- Hash
- 181f7c036be8c0c38642db73375913c40dd5aef33980de2b2a70a4de769b494a
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: tokflow Version: 0.5.0 The TokFlow skill is designed to query a local service running on `http://localhost:8001/api` for LLM token usage and optimization data. The `scripts/tokflow_query.py` script uses standard Python libraries (`urllib.request`, `json`) to make HTTP GET/POST requests to this local endpoint. User-provided arguments like `model_id` are properly URL-encoded using `urllib.parse.quote`, and numeric arguments like `days` are type-casted to integers, preventing injection vulnerabilities. There is no evidence of external network calls, file system manipulation, shell command execution of untrusted input, data exfiltration, persistence mechanisms, or malicious prompt injection attempts against the AI agent in `SKILL.md` or `README.md`. The skill's functionality is entirely confined to interacting with a presumed legitimate local service, aligning with its stated purpose.
- External report
- View on VirusTotal