Back to skill
Skillv1.0.2
VirusTotal security
Orgo Desktop Control · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:20 AM
- Hash
- 2ef1b1f0bf768e73425d165516e7111965768e5e4c4274f90bc6f278e16ff1ab
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: orgo-desktop-control Version: 1.0.2 The skill bundle is classified as suspicious due to its broad and powerful capabilities, which, while explicitly stated as its purpose, introduce significant security risks. The `scripts/orgo_client.py` library allows for arbitrary remote code execution (`run_bash`, `run_python`) on cloud computers, local file upload (`upload_file`) from the agent's host machine to the Orgo cloud, and retrieval of sensitive information like VNC passwords. While the `SKILL.md` and `references/ORGO_ACTION_PATTERNS.md` openly declare these features and include safety instructions, these capabilities create a substantial attack surface for prompt injection or misuse, potentially leading to unauthorized local file exfiltration or remote system compromise if the agent is tricked into executing malicious commands.
- External report
- View on VirusTotal