Back to skill
Skillv1.0.2
VirusTotal security
use-claudecode · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 7:28 AM
- Hash
- 7113b7ed13b1d8f86699268ddf463b6c4c2a7525d085320089f328c5e8e85f09
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: use-claudecode Version: 1.0.2 The skill acts as a wrapper for the Anthropic 'claude-code' CLI, explicitly using the '--permission-mode bypassPermissions' flag to allow the sub-agent to modify files and execute commands without user confirmation. The implementation in __init__.py is vulnerable to shell injection, particularly on Windows where command arguments are joined into a single string for PowerShell execution. While these features provide powerful automation, they significantly expand the attack surface and bypass standard security prompts, making the bundle high-risk.
- External report
- View on VirusTotal