Back to skill
Skillv1.0.0
VirusTotal security
Project Summary · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:01 AM
- Hash
- fbd5ec07d6ebf9cbddc091badf9339011ce7fd5fdc0f221a482ef25859f0716d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: project-summary Version: 1.0.0 The skill bundle aims to generate a project summary, which is a benign purpose. However, the `SKILL.md` file contains direct `bash` and `powershell` commands (`find`, `ls`, `grep`) embedded within the instructions for the AI agent. While these commands are used for legitimate information gathering (e.g., detecting languages, entry points, test files) and are read-only in nature, their direct inclusion as executable instructions for an AI agent represents a potential shell injection vulnerability. If the agent executes these commands without robust sandboxing or input sanitization, a malicious project could craft file names or content to exploit this capability, even though the commands provided in this skill are not themselves malicious.
- External report
- View on VirusTotal