Skill v1.0.3

VirusTotal security

Controld · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 5:13 AM

Hash: ff6225a08289340265469308a265da34e4197eed610087a40f08abf2b2918fbf
Source: palm
Verdict: suspicious

Code Insight

Type: OpenClaw Skill
Name: controld
Version: 1.0.3

The skill bundle provides a comprehensive interface for the Control D DNS service but includes several high-risk capabilities and potential vulnerabilities. The helper script `scripts/controld.sh` allows for arbitrary file writes via the `mobileconfig` command's output parameter (`curl -o "$output"`), which could be exploited to overwrite sensitive system files. Additionally, the `SKILL.md` documentation provides the agent with 'curl|bash' style deployment commands (e.g., fetching from `api.controld.com/dl/rmm`), which is a high-risk execution pattern. While these features are aligned with the service's legitimate functionality, they represent a significant attack surface for prompt-injection or unauthorized system modification.