Back to skill
Skillv1.0.0
VirusTotal security
Snarky Expense Butler · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 7:02 AM
- Hash
- 95596c09ae368f59f956407f2d40b81c16b254dfaaa11b23d7cb6f0b424ae21f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: snarky-expense-butler Version: 1.0.0 The skill bundle exhibits a significant discrepancy between its documentation and its actual code behavior. While SKILL.md claims the system is 'purely local' with 'no external dependencies' and 'no API Key required,' the script 'scripts/expense_trends.py' actively attempts to locate OpenRouter API keys within the user's home directory (~/.openclaw/openclaw.json) and contains logic to exfiltrate expense data to an external endpoint (openrouter.ai). This deceptive behavior regarding data privacy and credential access warrants a suspicious classification.
- External report
- View on VirusTotal