Skill v1.0.0
VirusTotal security
VPS Health Auditor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:16 AM
- Hash: 6fcf61e6ed3cb175e0be47837e05ede36e97f50132fb9064c2d31c79266c27af
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: vps-health-auditor
  - Version: 1.0.0
  - The skill bundle's `scripts/healthcheck.sh` executes diagnostic commands on a remote server via SSH. It is classified as 'suspicious' due to two key vulnerabilities:
    1. It uses `-o StrictHostKeyChecking=no`, which disables host key verification and makes the SSH connection vulnerable to Man-in-the-Middle attacks.
    2. The script directly interpolates user-provided variables (`$HOST`, `$USER`, `$KEY`) into the `ssh` command without sanitization, creating a potential shell injection vulnerability if the OpenClaw agent does not adequately sanitize these inputs before passing them to the script.
  - There is no evidence of intentional malicious behavior like data exfiltration or persistence.
