Back to skill
Skillv1.1.1
VirusTotal security
glkvm · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:44 AM
- Hash
- a353de4b26c590204051fdc1cc003a3ded8dd4c96dd9e8b294139d41b4bf144b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: glkvm Version: 1.1.1 The skill provides extensive remote host management capabilities via the GLKVM API, including screen capture, keyboard/mouse control, and firmware updates. While these features align with the stated purpose, the skill is classified as suspicious due to the high risk of shell injection; the SKILL.md instructions direct the agent to execute curl commands using unvalidated user inputs (IP, password, and URLs) without sanitization, which could be exploited to run arbitrary commands on the agent's host environment.
- External report
- View on VirusTotal