Back to skill
Skillv1.0.0
VirusTotal security
Peter Bugfix Loop · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:57 AM
- Hash
- 3632bf878f77d1973004ad05cfa1b7750eafd22f8716a357d672eaf7d3f8e52f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: peter-bugfix-loop Version: 1.0.0 The skill bundle defines a bug-fixing workflow for an AI agent. While the stated purpose is benign, the `SKILL.md` instructs the agent to 'retain CLI/HTTP/page reproduction scripts and commands' as part of the bug reproduction step. This implies the agent will execute arbitrary commands provided as part of the bug description or reproduction steps. This capability, without explicit mention of sandboxing or robust input sanitization, presents a significant Remote Code Execution (RCE) vulnerability risk if a malicious user or prompt injection could craft harmful commands, making the skill suspicious due to its high-risk capabilities.
- External report
- View on VirusTotal