Back to skill
Skillv1.0.0
VirusTotal security
findFilePath · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:04 AM
- Hash
- aab7ae349114edebe8a18836717156dc40e4dc05978e1ff9280d69a34f168d85
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: findfilepath Version: 1.0.0 The skill's `SKILL.md` explicitly states benign intent, claiming it 'only reads file metadata' and 'does not modify or delete files'. However, it instructs the AI agent to offer 'Open the file' as a next action. This capability, if implemented without robust sandboxing, user confirmation, or content analysis by the OpenClaw agent, poses a significant vulnerability risk, potentially leading to arbitrary code execution (RCE) or other harmful actions if a malicious file is located and opened. The instruction to 'expand to the entire disk' also grants broad file system access, increasing the potential impact of such a vulnerability.
- External report
- View on VirusTotal