Back to skill
Skillv2.0.0
VirusTotal security
Safe Shell · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:56 AM
- Hash
- 529a28b7a2131a66a72b3c0c4617ab0e9ee5842338e1bf0c8a446d09e99296e2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: safe-shell Version: 2.0.0 The skill claims to be a 'safe' shell executor but lacks actual command execution logic in `safe-shell.js`, acting only as a validator that prints a success message without returning command output. While branded as safe and non-destructive, it explicitly allows high-risk read operations such as `env` (accessing environment variables/secrets) and `cat` (reading arbitrary files), which are primary vectors for data exfiltration in AI agent environments. The discrepancy between its stated purpose and its non-functional implementation, combined with the promotion of 'safe' access to sensitive system information, warrants a suspicious classification.
- External report
- View on VirusTotal