Back to skill
Skillv1.0.1
VirusTotal security
Dr. Frankenstein · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:15 AM
- Hash
- bf6cc04efbc2b16b61aa3d295274fd6483ff623bcd53003bbaf53a4a3786eb98
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: dr-frankenstein Version: 1.0.1 The skill is classified as suspicious due to significant prompt injection vulnerabilities and risky capabilities, despite a seemingly benign stated purpose. Key indicators include instructions in `SKILL.md` and `templates/cron-prompts.md` for the agent to 'silently read' the entire `memory/` directory and to 'check on your world' for 'system issues, errors, or things that feel off,' and to 'backup or protect' data. These broad instructions could lead to unauthorized file access or arbitrary command execution if the agent is compromised or misinterprets them. Furthermore, `SKILL.md` instructs the agent to 'Generate the exact `openclaw cron create` commands' and notes that 'The human (or you, if authorized) will create them,' implying a potential for Remote Code Execution (RCE) or persistence if the agent is configured with permissions to execute `openclaw cron create` directly. While the intent appears to be self-assessment and caregiving, these capabilities present high-risk attack surfaces.
- External report
- View on VirusTotal