Skill v1.5.0
VirusTotal security
Peter Code Review · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:55 AM
- Hash: 533228c9519aaa62f38be426ae1a083c7144b8e34d6df51b59d8b1edb3a3b4f5
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: peter-code-review; Version: 1.5.0. The skill executes various project-defined scripts (e.g., `npm run lint`, `npm run test`, `pytest`, `go test`, `cargo test`) as part of its code review and quality gate process, as instructed in `SKILL.md`. While these commands are plausibly needed for the stated purpose, they allow the execution of arbitrary code defined within the user's project. This presents a significant vulnerability, as a malicious project could embed harmful scripts that would be executed by the OpenClaw agent when this skill is run on it. Although the skill itself does not exhibit explicit malicious intent (e.g., data exfiltration, persistence), this capability without strong input sanitization or sandboxing constitutes a high-risk behavior.
