Back to skill
Skillv1.0.0
VirusTotal security
Clawdbot Filesystem.Bak · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:04 AM
- Hash
- 7c6f4e21d0c8295c92a58d98093d173303793c0ec7d31cbec960ca7f11195863
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill The skill's `package.json` declares broad `filesystem: "read-write"` permissions, which is a significant capability. While the `config.json` attempts to mitigate this by setting `preventSystemPaths: true` and explicitly limiting `allowedOperations` to `["read", "copy", "analyze"]` (excluding arbitrary `write` and `delete`), this discrepancy between declared maximum capability and default configuration presents a vulnerability. If the `config.json` can be bypassed or modified by an agent, the skill could potentially perform unauthorized write or delete operations beyond its stated safe usage, even though there is no clear evidence of intentional malicious behavior like data exfiltration or persistence.
- External report
- View on VirusTotal