Back to skill
Skillv3.0.0
VirusTotal security
Ralph Quick Security Check · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:08 AM
- Hash
- 6f9ef7b1a29b816e0b808d6424a050cb3901bd3070e46d6ee3c281f469112025
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ralph-quick Version: 3.0.0 The skill instructs the AI agent to execute shell commands (e.g., `git rev-parse --show-toplevel` in SKILL.md) and perform extensive file system operations (reading various project files, writing/renaming `.ralph-report.md`). While these capabilities are plausibly needed for its stated purpose of a security audit, they introduce a significant attack surface. The explicit shell execution and broad file system access, even without clear malicious intent within the skill's own instructions, classify it as 'suspicious' due to the potential for abuse if the OpenClaw agent's execution environment or user input sanitization is vulnerable to injection.
- External report
- View on VirusTotal