Back to skill
Skillv1.0.0
VirusTotal security
Safeflow Sui Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:05 AM
- Hash
- a86550cc66276d3bf7b0c9e11e4865ed427c203d942ce3e153c6824d57b23cea
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: safe-flow-sui-skill Version: 1.0.0 The skill bundle exhibits high-risk behavior by attempting to execute TypeScript files located outside of its own directory structure (specifically in `../../../../agent_scripts/` via `test_publish_api_flow.sh`), which relies on the host's filesystem state and could lead to unauthorized code execution. Additionally, `sync_package_id_to_sql.sh` performs manual SQL string interpolation for SQLite and Postgres, which is a vulnerable pattern, although it includes basic regex-based sanitization. The skill is designed for Sui blockchain operations and interacts with external endpoints at producer.safeflow.space and dash.safeflow.space.
- External report
- View on VirusTotal