Skill v0.1.0
VirusTotal security
Project Code Standard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:02 AM
- Hash: aa30b38397f0e2fd7c612e6ad926c30099d5c78447e1adade44e29b8751d5d38
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: project-code-standard. Version: 0.1.0. The skill's stated purpose is benign (code quality checks and formatting). However, the `SKILL.md` instructions for the AI agent involve executing shell commands with user-controlled input, specifically `<target_path>` in commands like `python scripts/check_python.py <target_path> --output markdown`. If the OpenClaw agent does not properly sanitize or quote this input before execution, it creates a significant shell injection vulnerability, potentially leading to arbitrary command execution. While there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, backdoors), this critical vulnerability warrants a 'suspicious' classification.
