Back to skill
Skillv2.1.1
VirusTotal security
Validate · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:17 AM
- Hash
- dae303753d2fdd84eefdee2a64c2464f17da48bfd5fb90bd6b17fecd876bb819
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: solo-validate Version: 2.1.1 The `solo-validate` skill, while designed for a legitimate purpose, is classified as suspicious due to the presence of a significant shell injection vulnerability. Specifically, in `SKILL.md` (Step 2), the agent is instructed to 'Grep for idea keywords' using user-provided `$ARGUMENTS`. If the underlying agent's `Grep` or `Bash` execution does not properly sanitize this user input, it could allow an attacker to execute arbitrary shell commands. The skill also allows `Write` operations to `docs/prd.md`, which, while intended for legitimate document generation, could be a vector for content injection if not handled robustly. There is no evidence of intentional malicious behavior such as data exfiltration, persistence, or unauthorized remote control.
- External report
- View on VirusTotal