Anomaly Explainer
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: anomaly-explainer Version: 1.0.0 The skill declares 'bash' as an available tool, granting the AI agent the capability to execute shell commands. While the SKILL.md itself does not contain explicit malicious instructions, the availability of 'bash' creates a significant attack surface for potential prompt injection, which could lead to arbitrary command execution (RCE) if a user or external input manipulates the agent to use this tool maliciously. This represents a high-risk capability and a potential vulnerability, classifying it as suspicious rather than benign.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the platform grants the declared bash tool, the agent may have local shell capability even though the skill does not appear to need it for its documented task.
The skill declares bash access even though the documented workflow is an instruction-only billing analysis and explanation process with no shell-command steps.
tools: claude, bash
Use the skill for analysis of provided AWS cost data, and if your platform supports tool restrictions, consider disabling or reviewing shell access because it is not explained by the current instructions.