Back to skill
Skillv0.1.9
VirusTotal security
TruContext OpenClaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 26, 2026, 7:36 PM
- Hash
- 4b1ea24313c014fd5f77c2794fc46867d9a842d7cfc31da084a939af842fcbc8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: trucontext-openclaw Version: 0.1.9 The skill contains a critical command injection vulnerability in `scripts/trucontext-openclaw.sh`. The `resolve_config` function unsafely interpolates the current working directory (`$cwd`) into a Python command string executed via `python3 -c`, which allows for arbitrary code execution if an agent is active in a directory with a specially crafted name (e.g., containing single quotes and Python code). While the skill's stated purpose of providing persistent memory via the `trucontext.ai` service appears legitimate, this implementation flaw poses a significant security risk.
- External report
- View on VirusTotal