Back to skill
Skillv0.1.0
VirusTotal security
Presale Service Bootstrap · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:20 AM
- Hash
- ff6ee820a9200d58faf083d49e2e4a85bdbb9b6613b5702ea3821f0227fea597
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: presale-service-bootstrap Version: 0.1.0 The skill bundle is classified as suspicious due to a direct instruction in `SKILL.md` to execute an external PowerShell script, `tools/new-presale-service.ps1`. The content of this script is not provided for review, making its execution opaque and a significant security risk. This constitutes a prompt injection vulnerability, as the AI agent is instructed to run an arbitrary command, which could lead to Remote Code Execution (RCE) if the PowerShell script were malicious. While the stated purpose is scaffolding, the lack of transparency for an executable component raises a critical security concern.
- External report
- View on VirusTotal