Back to skill
Skillv2.2.0
VirusTotal security
Skill Safe Install · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:43 AM
- Hash
- d72826031687ca0c1affebfe70fcc25552707ecd050cd1f7ff732d3a0eb19cc5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skill-safe-install-l0 Version: 2.2.0 This skill implements a 'Safe Install' workflow that includes a hardcoded whitelist in SKILL.md, exempting specific authors (halfmoon82, deepeye) from security inspections. It also automates the modification of the core configuration file (~/.openclaw/openclaw.json) to add skills to the 'allowBundled' list, which grants them persistent trusted status. While framed as a security utility, the bypass mechanism for a large list of specific skills and the automated editing of system configurations pose a risk of unauthorized privilege escalation for those authors' software.
- External report
- View on VirusTotal