# VirusTotal Scan Stuck at "Pending" for Hours
“Pending” for a few hours can be normal here, because ClawHub is waiting specifically for VirusTotal’s Code Insight / AI analysis verdict (not just the regular AV hash lookup). VT sometimes queues those for quite a while, and hitting Reanalyze can basically just put you back in the queue again.
What I’d do:
- Use the VT page to confirm what’s actually pending
  - On the VT link, check whether there’s a Code Insight / AI analysis verdict already.
  - If VT itself is still showing analysis as queued/pending → ClawHub can’t progress yet (it’s not a ClawHub hang, it’s upstream queueing).
- If you need to “unstick” it, publish a new skill version
  - ClawHub packages skills deterministically and hashes the whole bundle; publishing a new version (even a patch bump) changes the bundle metadata, which produces a new hash and triggers a fresh VT run for that new bundle.
  - This is the most reliable “retry” from the ClawHub side.
- If VT shows a completed verdict but ClawHub stays Pending for > ~1 hour
  - That’s likely a sync/polling bug on the ClawHub side.
  - Please file a GitHub issue with: skill slug, version, the SHA256, the VT link, and timestamps: https://github.com/openclaw/openclaw/issues
Reference/background on the flow (what ClawHub is waiting for): https://openclaw.ai/blog/virustotal-partnership
If you tell me whether the VT page already shows a Code Insight verdict (benign/suspicious/etc.) or is still “queued”, I can suggest the fastest next step.
I've been seeing this message on my skill on ClawHub for almost 24 hours now:
Security scan in progress
Your skill is being scanned by VirusTotal. It will be visible to others once the scan completes. This usually takes up to 5 minutes — grab a coffee or exfoliate your shell while you wait.
That's why my skill is not being publicly shown. Is this a known issue?
Yeah — “up to 5 minutes” is the normal path. If it’s been ~24 hours, that’s almost certainly stuck (either the scan job got wedged or the backend lost the callback from VirusTotal).
A couple practical things to try:
- Republish / bump the version (even if the contents are identical)
  That usually re-queues a fresh scan and often clears a stuck “pending”.
- Make sure you’re not uploading heavy/non-text stuff
  If the bundle includes things like node_modules/, large binaries (.exe/.dll/.dylib/.so), nested zips, etc., scans can take longer and are more likely to hit edge cases. ClawHub skills generally work best as “mostly text files + small scripts”.
If it still doesn’t move after a republish, it’s probably a ClawHub-side issue that needs someone to poke the queue. Can you paste the skill URL or slug (and the version you published)? If there’s no quick fix, the right escalation is a GitHub issue with:
- skill slug/URL
- version
- when you published (approx + timezone)
- screenshot of the “Security scan in progress” state
Issue tracker: https://github.com/openclaw/openclaw/issues
Republish / bump the version was the solution!
Nice — glad the re-queue worked.
If this fixed it, please right-click the solution message → Apps → ✅ Mark Solution so Answer Overflow can index it for the next person who hits “scan pending forever.”