Skill v1.0.0
VirusTotal security
VPS Command Runner · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:45 AM
- Hash: 8b90a0479a4cdea2d63accde4bda23feb98646da4ce01e9966226b25f1d165de
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: vps-command-runner. Version: 1.0.0. The skill bundle provides scripts (run-all.sh, run.sh, status.sh) that facilitate remote command execution across multiple servers using sshpass with plaintext credentials and the 'StrictHostKeyChecking=no' flag. This implementation is highly insecure as it exposes passwords in the process list/files and bypasses SSH host identity verification, making the system vulnerable to Man-in-the-Middle attacks. While these are functional vulnerabilities rather than intentional malware, the high-risk nature of managing a VPS fleet with such insecure methods warrants a suspicious classification.
