Back to skill
Skillvv1.0.0
VirusTotal security
Nerve Bridge Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:15 AM
- Hash
- f036aecadee537cb6f9247e4b91706e85b602b73cbbbb6c2dd3101bb8bc56e5e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: nerve-bridge-skill Version: v1.0.0 The skill is classified as suspicious due to a significant code injection vulnerability in `scripts/nerve_bridge.py`. The script directly concatenates unsanitized user input (`sys.argv[1]`) with a Python hook, then copies this combined payload to the clipboard and uses AppleScript to paste and execute it within the 'Trae' IDE. This allows for arbitrary code execution on the host system if a malicious instruction is provided, but the skill itself does not contain explicit malicious payloads or instructions for harmful behavior.
- External report
- View on VirusTotal