Back to skill
Skillv1.0.1
VirusTotal security
V2ray Proxy · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:38 AM
- Hash
- 1d6766585b78866415bf1925d04f3a4d96d018dde7f141e3dc92cd6ca7a3baa2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: v2ray-proxy Version: 1.0.1 The skill is classified as suspicious primarily due to a critical shell injection vulnerability in the `wrap` function within `scripts/v2ray-proxy.sh`. This function uses `eval "$cmd"` to execute user-provided commands without sanitization, allowing for arbitrary command execution (RCE) if an attacker or a malicious prompt can control the input. Additionally, the script modifies the user's `~/.bashrc` file to export `V2RAY_PROXY=1`, which, while intended as a benign flag, is a form of persistence and modification of user dotfiles without explicit consent, adding to the suspicious behavior.
- External report
- View on VirusTotal