Back to skill
Skillv1.2.0
VirusTotal security
Heartbeat Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:34 AM
- Hash
- f2e6b0b646189315125b0139666720c161850b032634177fca4808be6e595c8c
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: heartbeat-manager Version: 1.2.0 The OpenClaw AgentSkills skill bundle 'heartbeat-manager' is classified as benign. While it utilizes powerful capabilities such as Git operations (add, commit, push), email sending/receiving, external API calls (Canvas, FSP, Discord), and local browser interaction, these are all explicitly declared in `SKILL.md` and appear to be integral to its stated purpose of agent heartbeat management and monitoring. Crucially, the Python code demonstrates strong security practices, particularly in `tools/git_ops.py` and `tools/heartbeat_run.py`, where `subprocess.run` is consistently used with a list of arguments to prevent shell injection, and commit messages are sanitized. Credentials are handled via `config/.env` or `~/.openclaw/openclaw.json`, which are standard and relatively secure methods. There is no evidence of intentional malicious behavior, obfuscation, or exploitation of vulnerabilities; rather, the code and documentation emphasize transparency and secure implementation of its features.
- External report
- View on VirusTotal