Skill v1.0.2

VirusTotal security

Openclaw Signet · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review: May 1, 2026, 3:27 AM
Hash: f95da62878aa5d5b0416cfffd01ab10f4e20c72600d7d0c17af5c638da909994
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: openclaw-signet
Version: 1.0.2

The OpenClaw Signet skill is designed for a security-enhancing purpose (cryptographic verification of other skills) and lacks direct evidence of malicious intent, such as data exfiltration or backdoor installation. However, it is classified as 'suspicious' due to its powerful file system manipulation capabilities (`shutil.move`, `shutil.copytree`, `shutil.rmtree`) within the `scripts/signet.py` file.

While these operations are necessary for its stated purpose (quarantining, snapshotting, restoring skills), the script allows the `--workspace` argument to be user-defined or derived from environment variables. This presents a significant vulnerability if an AI agent or user were prompted to specify a malicious workspace path (e.g., a critical system directory), potentially leading to unintended data loss or system disruption, even though the skill itself does not *intend* to cause harm.