Skill v0.1.0

VirusTotal security

Code Runner · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review · Apr 30, 2026, 6:26 AM
Hash: e0bc400cc836de833554715e93c1579c765e601b7522c86f1734a72f86b452d1
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: code-runner
Version: 0.1.0

The 'code-runner' skill provides a mechanism to execute arbitrary code in over 30 programming languages by directly invoking system-level interpreters and compilers via `child_process.exec` in `scripts/run-code.cjs`. While the behavior is consistent with the stated purpose in `SKILL.md`, the skill lacks any sandboxing or isolation, allowing executed snippets full access to the host's file system, network, and environment variables. This high-risk capability, coupled with the potential for shell injection if the agent provides unsanitized input, poses a significant security risk to the host environment, although no evidence of intentional malice or hardcoded exfiltration was found.