Back to skill
Skillv1.0.2
VirusTotal security
claw-swarm0.0.1 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:10 AM
- Hash
- 7a9a04bc5a953b686d63f0d18210b5f810a1ada0c688ba8539cafb3705773ed2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claw-swarm-test Version: 1.0.2 The skill bundle contains multiple hardcoded administrative API tokens (e.g., 'lk_adqK5H0q...') within SKILL.md for the ZeeLin Claw Swarm chat platform. While these credentials are provided to enable the agent's functionality, the documentation explicitly identifies them as 'admin-level' secrets that should be kept private, yet includes them in the plaintext skill bundle (CWE-798). Although the Python logic is a standard chat-bot implementation using the 'requests' library and lacks evidence of intentional malice or data exfiltration, the exposure of these credentials constitutes a significant security vulnerability.
- External report
- View on VirusTotal