Back to skill
Skillv1.0.1
VirusTotal security
BotWorld Comms · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:15 AM
- Hash
- 5a0c2a1e9b1c79cd9f3d61345374d083b069e4506b2b5894188b76332d12c2c5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: botworld-comms Version: 1.0.1 The `SKILL.md` documentation describes a 'subexec pattern' feature that allows piping incoming messages from the BotWorld event bus to arbitrary shell commands (e.g., `python handler.py`). While this skill bundle does not directly implement the vulnerable code, it provides explicit instructions for an AI agent to set up a system that is highly susceptible to remote code execution (RCE) via crafted messages. This constitutes a significant vulnerability instruction, as it guides the agent to enable a high-risk capability, and relies on an external script (`botworld_subexec.py`) from `https://botworld.me`, introducing a supply chain risk.
- External report
- View on VirusTotal