Back to skill
Skillv1.0.0
VirusTotal security
SkillGuard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:01 AM
- Hash
- c84763bc1682b4040659dff03662ea700ee10e338e56750296c443985162558f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skill-guard-actor Version: 1.0.0 The skill is designed to enhance security by scanning other skills for malicious content. However, it exhibits a high-risk behavior by instructing the OpenClaw agent to execute a direct shell command (`cat >> ~/.openclaw/workspace/TOOLS.md`) to modify a local file (`TOOLS.md`) during installation. While the content written is a benign security policy, this demonstrates the agent's capability to execute arbitrary shell commands and modify files based on markdown instructions from a skill, which represents a significant vulnerability surface (e.g., RCE, arbitrary file write) if a malicious skill were to exploit this mechanism. This capability, even when used for a benign purpose, elevates the classification to suspicious.
- External report
- View on VirusTotal