Back to skill
Skillv0.4.0
VirusTotal security
Multi Workplace · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:07 AM
- Hash
- c9968fe388f7723a0ae3ed5d68764e72c45cc28c24b7a31b142fc0338e0e8985
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: multi-workplace Version: 0.4.0 The 'multi-workplace' skill is designed for extensive local system interaction, including broad file system access (reading/writing to `~/.openclaw/workspace/.workplaces/` and project-specific `.workplace/` directories), execution of shell scripts (`scripts/init_workplace.sh`, `scripts/scan_workplaces.sh`), and running a local Rust binary (`workplace-server`). While these high-privilege operations are central to the skill's stated purpose, the reliance on shell scripts and recursive calls introduces a significant attack surface for potential vulnerabilities (e.g., shell injection, path traversal) if user-provided inputs are not perfectly sanitized. No clear evidence of intentional malicious behavior such as data exfiltration, unauthorized network communication, or covert persistence mechanisms was found.
- External report
- View on VirusTotal