Back to skill
Skillv1.5.5
VirusTotal security
Coder Workspaces · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 3:28 AM
- Hash
- 3fe9c5bce8b21320d323a90c64d97fae48c487b2cce1b572aec971e046850644
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: coder-workspaces Version: 1.5.5 The skill is designed to manage Coder workspaces and AI tasks using the `coder` CLI. It primarily serves as documentation for the AI agent on how to interact with the `coder` command. While it requires sensitive environment variables (`CODER_URL`, `CODER_SESSION_TOKEN`), this is necessary for its stated purpose. A key mitigating factor is the explicit instruction in `SKILL.md` that `coder ssh <workspace> -- <command>` executes commands within isolated Coder workspaces, not the host system. The `CHANGELOG.md` provides strong evidence that previous versions contained potentially risky patterns (e.g., `curl|bash`, helper scripts for install/auth, credential patterns) but these were intentionally removed to make the skill a 'pure documentation skill', significantly reducing its attack surface. No prompt injection attempts or malicious execution patterns are present in the current files.
- External report
- View on VirusTotal