Back to skill
Skillv0.0.4
VirusTotal security
OpenStoryline Install · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:51 AM
- Hash
- 4f0b002decd44fe8508a7daffe8a4d300c483f132ee903ef0863d33390ab3f01
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openstoryline-install Version: 0.0.4 The skill `openstoryline-install` (SKILL.md) requires high-risk capabilities including shell execution, network access, and system-level modifications via `sudo`. It instructs the agent to clone an external repository (FireRed-OpenStoryline) and execute a shell script (`download.sh`), which constitutes execution of unvetted code. Additionally, the configuration step in `SKILL.md` presents a potential command injection vulnerability by suggesting the insertion of user-provided API keys into shell commands without explicit sanitization instructions. While these actions are plausibly needed for the stated purpose of software installation, they represent significant security risks in an automated agent environment.
- External report
- View on VirusTotal