Back to skill
Skillv3.0.0
VirusTotal security
Dockerps · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 8:21 AM
- Hash
- 0513af4d95efe00c9a374b6a88fffbb8cbf5ace58bce1dc54aac98a38d833e42
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: dockerps Version: 3.0.0 The skill bundle contains a shell script (`scripts/script.sh`) that is vulnerable to shell injection in the `top`, `logs`, and `inspect` commands because positional arguments (e.g., `$2`) are passed unquoted to the `docker` CLI. While the `cleanup` command performs destructive actions by pruning Docker containers and images, this behavior is documented in `SKILL.md`. The script also includes a large block of empty comment padding, which is an unusual formatting choice but does not contain hidden malicious payloads.
- External report
- View on VirusTotal