Back to skill
Skillv3.0.0
VirusTotal security
Meditation Guide · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:53 AM
- Hash
- 860a635baff9b90d2eb73c0f378be0ec218500c359a99c89c309f560cfcf004d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: meditation-guide Version: 3.0.0 The skill bundle contains a shell injection vulnerability in `scripts/script.sh` within the `cmd_start` function, where the user-provided input is concatenated into a command string without sanitization. Additionally, `scripts/script.sh` contains a large block of empty lines (lines 14–89), a common obfuscation technique used to hide code from quick inspection. While the primary logic in `scripts/meditate.sh` appears benign, the presence of these vulnerabilities and the redundant, poorly-secured implementation in the entry-point script are high-risk indicators.
- External report
- View on VirusTotal