Back to skill
Skillv0.1.0
VirusTotal security
ML Pipeline · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:48 AM
- Hash
- 4bd0828f4437a951f3a2115703cd7fbc0af84758240152d865144c3ea4907e36
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ml-pipeline Version: 0.1.0 The skill is classified as suspicious due to the broad `allowed-tools: Bash` permission declared in `SKILL.md`, which grants the AI agent the ability to execute arbitrary shell commands, posing a significant Remote Code Execution (RCE) vulnerability if the agent is compromised or given malicious instructions. Additionally, the `scripts/pipeline_deployment.py` script performs file system operations (copying and deleting files/directories) based on user-provided paths, which, while necessary for its stated purpose, could be misused for unauthorized file manipulation. There is no clear evidence of intentional malicious behavior within the provided code or documentation, but these capabilities represent significant security risks.
- External report
- View on VirusTotal