Back to skill
Skillv1.0.1
VirusTotal security
ClawTime · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:36 AM
- Hash
- 4f95255a42e09afe549c5bb06ba75300bfe61cfb73fb5f24b454bf4b1c8f26f9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawtime Version: 1.0.1 The skill documentation (`SKILL.md`) explicitly lists paths to sensitive files such as `~/.clawtime/.env` (Secrets & config), `~/.clawtime/credentials.json` (Passkey data), and `~/.clawtime/sessions.json` (Active sessions). While the skill itself does not contain malicious instructions, providing the AI agent with the exact locations of these critical files creates a significant prompt injection vulnerability. A malicious user could easily craft a prompt to instruct the agent to read and potentially exfiltrate the contents of these sensitive files, leveraging the knowledge provided by the skill's documentation.
- External report
- View on VirusTotal