Back to skill
Skillv2.2.1
VirusTotal security
Plan · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:17 AM
- Hash
- 5e4878d552aa84f917da3fd1fba2b29fa7b8b59f79ed3c5857149287f5f3d245
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: solo-plan Version: 2.2.1 The skill is classified as suspicious due to its allowance of high-risk tools like `Bash` and `web_search`, granting significant system and network access. It presents vulnerabilities including potential path traversal in `SKILL.md` (Step 7) if user-provided task descriptions are not properly sanitized before being used to construct `$PLAN_ROOT` for `mkdir -p`. Furthermore, the skill is vulnerable to prompt injection against the `/build` skill, as it generates `plan.md` and `spec.md` based on user input and research findings, and these files are explicitly stated to be parsed by `/build` (SKILL.md, Compatibility Notes), allowing an attacker to stage commands for subsequent execution.
- External report
- View on VirusTotal