Back to skill
Skillv1.1.0
VirusTotal security
Peter Commit Ops · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:57 AM
- Hash
- 04eca97b084974374e29485ec56318ec02ac01c7714610833fe7df6b4e6a067c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: peter-commit-ops Version: 1.1.0 The skill instructs the agent to execute `npm run workflow:check` or shell scripts (`tools/workflow-check.sh`, `scripts/workflow-check`) from the user's repository (SKILL.md). This introduces a potential Remote Code Execution (RCE) vulnerability if the repository's scripts are malicious, as the skill itself does not define or validate their content. While the use of `gh pr create --fill` (SKILL.md) involves network interaction and potential data exposure, it aligns with the stated purpose. The skill also includes '护栏' (guardrails) to prevent common dangerous actions like direct pushes to `main`/`master`, indicating an intent for safe operation within its defined scope, but the reliance on untrusted repository scripts makes it suspicious.
- External report
- View on VirusTotal