
VirusTotal security

Polyclaw · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 4:59 AM
Hash
be64ab31f5454c31aa394ffefa59fa724d04293d54aa38f22615efbb0e9e55b9
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: polyclaw-2
Version: 0.1.0

The skill requires sensitive credentials, specifically `POLYCLAW_PRIVATE_KEY` and `OPENROUTER_API_KEY`, to be stored as environment variables for its operation. While the `SKILL.md` explicitly warns about the security risks associated with this practice, it represents a significant vulnerability due to the insecure handling and potential exposure of private keys and API keys. No evidence of malicious intent such as data exfiltration, unauthorized remote execution, persistence mechanisms, or prompt injection attempts against the agent was found in the provided files.