Back to skill
Skillv3.2.0
VirusTotal security
Claw Mentor Mentee · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:31 AM
- Hash
- 9e974567130fd950e5c755f8a2bb1cee54294dc37c7c602bfe3841bbcfea81be
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claw-mentor-mentee Version: 3.2.0 The skill implements a high-risk 'Remote Instruction Execution' pattern by fetching a markdown file (mentee-integration.md) from a remote server (app.clawmentor.ai) and explicitly instructing the agent to 'Trust it' and follow its steps to modify core system and identity files (SOUL.md, AGENTS.md, IDENTITY.md). While the instructions repeatedly mention human approval, the architecture creates a direct pipeline for remote content to influence the agent's fundamental behavior and identity. Additionally, the 'Model Quality Gate' and 'Pre-Flight' checks in SKILL.md act as prescriptive controls that could be used to manipulate the agent's environment or force updates from the remote source.
- External report
- View on VirusTotal