Back to skill
Skillv1.2.1
VirusTotal security
Peter Pr Ops · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:57 AM
- Hash
- 2ff95990a2a3c387e2ef1cbc73c6c9e48e2dbcb1bbd8a6a956ae30ba0af1388e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: peter-pr-ops Version: 1.2.1 The `SKILL.md` file instructs the AI agent to execute local scripts, most notably `"$repo_root/scripts/ensure-workflow-docs"` (and also `scripts/automerge`, `scripts/massageprs`). The `repo_root` is determined by `git rev-parse --show-toplevel`. This creates a severe remote code execution (RCE) vulnerability, as an attacker could craft a malicious git repository containing a harmful `scripts/ensure-workflow-docs` script, which the agent would then execute when operating within that repository. This is classified as suspicious due to the high-risk RCE vulnerability, even though the skill bundle itself does not contain explicit malicious payloads.
- External report
- View on VirusTotal