Back to skill
Skillv1.0.0
VirusTotal security
Workspace Guard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 21, 2026, 12:16 PM
- Hash
- abe88cd99e14c33dd152885e15e700cea3fd76198fcda7bbe01a6dd4c62c40b2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: workspace-guard Version: 1.0.0 The skill is designed to enforce workspace boundaries and safety, but it contains a significant security vulnerability in 'references/boundaries.md'. Specifically, it recommends using 'eval' to expand environment variables in file paths, which is a classic shell injection vector. While the overall intent appears defensive and includes instructions to resist user-driven bypasses, the inclusion of this insecure coding pattern and the reliance on easily-bypassed 'grep' checks for command validation make the bundle risky for deployment.
- External report
- View on VirusTotal