Back to skill
Skillv1.0.0
VirusTotal security
OpenClaw Compile Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 1:31 PM
- Hash
- bbe1c2f7eae32e1a5a7a4a26e9bb0a723e4716dd1cd8ab14a984a19920a4015f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-compile-skill Version: 1.0.0 The skill bundle implements a complex markdown knowledge management workflow but contains high-risk execution patterns. Specifically, 'compile_step_checkpoint.sh' executes arbitrary shell commands via the '--audit-cmd' parameter using 'bash -lc', which presents a significant Remote Code Execution (RCE) surface if the AI agent is influenced by malicious input. Additionally, 'scripts/_shared/query_history.sh' executes a user-defined binary path provided via environment variables. While these capabilities are functionally consistent with the stated purpose of document auditing and history retrieval, the use of unsanitized shell execution and broad file manipulation across the workspace warrants a suspicious classification.
- External report
- View on VirusTotal