Back to skill
Skillv1.0.1
VirusTotal security
Ghostclaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:24 AM
- Hash
- 476b08cef00f395a92431283b4a51b5ae7ed4f45c2077bb0a3e34004458f8846
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ghostclaw Version: 1.0.1 The Ghostclaw skill bundle contains high-risk capabilities including a self-update mechanism in `ghostclaw/cli/ghostclaw.py` that executes `git pull` and `pip install`, which could be exploited for remote code execution. Additionally, `ghostclaw/cli/watcher.py` and `ghostclaw/cli/ghostclaw.py` perform automated repository cloning and GitHub Pull Request creation using system-level commands (`git`, `gh`). While these features are consistent with the tool's stated purpose as an architectural monitor, the combination of self-modification, automated network activity (cloning), and extensive use of subprocesses to handle external repository data creates a significant security risk and attack surface.
- External report
- View on VirusTotal