Back to skill
Skillv0.1.0
VirusTotal security
Presale One-pass Orchestrator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:20 AM
- Hash
- 720a06443ce4e4343a114605f72d86cea6d034b3b26f6518915ee93364155f15
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: presale-one-pass-orchestrator Version: 0.1.0 The skill bundle instructs the AI agent to "Run the mapped check command from verification matrix" in `references/qa-defect-loop.md`. This creates a significant command injection or Remote Code Execution (RCE) vulnerability, as the agent is directed to execute commands from an external, unspecified source without explicit sanitization. Additionally, the agent is instructed to "fix implementation" and dynamically select "fallback test runners," indicating broad execution and modification capabilities that, while potentially functional, pose a high risk if the agent's inputs or environment are compromised.
- External report
- View on VirusTotal