Back to skill
Skillv1.0.2
VirusTotal security
MegaSquirt Tuner · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:11 AM
- Hash
- 3544b478df2e0e98f6dc3e009a17020a47503e35a53cc2d65c55bd56c677c18a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: megasquirt-tuner Version: 1.0.2 The skill is classified as suspicious due to its capability to execute a local Python script (`scripts/analyze_msq.py`) with a user-provided file path. While this is a risky capability involving file system interaction, the `analyze_msq.py` script implements robust security measures in its `validate_filepath` function, effectively preventing common attacks like path traversal, arbitrary file reads, and symlink exploitation. The script's purpose is legitimate tune file analysis, and there is no evidence of malicious intent such as data exfiltration, persistence, or unauthorized remote control. The `SKILL.md` also explicitly outlines security restrictions, which are correctly implemented in the Python code.
- External report
- View on VirusTotal