Back to skill
Skillv1.0.1
VirusTotal security
Cloud-Local Bridge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:35 AM
- Hash
- 6fd92305260f80a21c714682a4a06ed14b3aac52d330a67a6bcfbbcae7a76525
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cloud-local-bridge Version: 1.0.1 The `scripts/bridge_server.py` component, which is central to this skill, allows authenticated clients to execute arbitrary shell commands via `subprocess.run(command, shell=True)` and perform arbitrary file read/write/upload/download operations on the host system. It also supports making outbound network requests to arbitrary URLs for callbacks. While these capabilities are part of the skill's stated purpose (remote command execution and file synchronization), they represent severe vulnerabilities (Remote Code Execution, arbitrary file access, potential data exfiltration) if the authentication token is compromised, making the skill highly risky. The `SKILL.md` does not contain malicious prompt injection, but describes the setup and usage of these powerful, high-risk features.
- External report
- View on VirusTotal