Back to skill
Skillv1.0.0
VirusTotal security
Trustra Escrow · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 3:27 AM
- Hash
- c6096e65506c53b05a558f3c1ef5efc5e1ab278850c841d57d0354c96cca41b4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: trustra-escrow Version: 1.0.0 The skill is classified as suspicious due to two main reasons. First, the `scripts/export_key.py` script explicitly prints a private key to standard output. While this is an intended 'export' feature and includes a warning, exposing a private key in this manner is a high-risk capability that could lead to compromise if the output is logged or mishandled. Second, the `scripts/config.py` file uses `shutil.rmtree` to remove the `__pycache__` directory. Although this is a targeted cleanup operation within the skill's own directory and not inherently malicious, `shutil.rmtree` is a powerful command that represents a risky file system operation. There is no evidence of intentional malicious behavior like unauthorized data exfiltration or prompt injection attempts against the agent.
- External report
- View on VirusTotal