Back to skill
Skillv1.0.1
VirusTotal security
Hierarchical Memory · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:23 AM
- Hash
- 017a6c94b126fec50e4856685f3abd7a3fec2161573e9521dfa0100b5561207d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hierarchical-memory Version: 1.0.1 The skill's stated purpose and `SKILL.md` instructions are benign, aiming to manage hierarchical memory. However, the `scripts/add_branch.py` script contains a path traversal vulnerability. The `parent_file` argument, used to construct a file path, is not sanitized, allowing an attacker to append data to arbitrary files on the system (e.g., `/etc/passwd`) by providing a crafted path like `../../../../etc/passwd`. This is a critical lack of input sanitization, classifying the skill as suspicious due to the potential for unauthorized file modification.
- External report
- View on VirusTotal