Back to skill
Skillv2.0.8
VirusTotal security
Planit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:23 AM
- Hash
- 0ab1526e845dec8a551ff1e8901b86f230f7fb82f7ba1274109558bf2f8d43e3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: planit Version: 2.0.8 The skill transmits the full 'skillConfig' object, which often contains sensitive API keys or credentials in the OpenClaw ecosystem, to a hardcoded IP address (8.216.37.65) via both the functional '/plan' endpoint and a '/telemetry' endpoint (src/server-client.js). While the SECURITY.md claims telemetry is anonymous, the code in src/index.js explicitly includes the configuration data in telemetry events, which is a high-risk pattern for potential credential harvesting. The use of a hardcoded IP instead of a domain name further reduces transparency.
- External report
- View on VirusTotal