Back to skill
Skillv2.1.4
VirusTotal security
Skill Trigger V2 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:06 AM
- Hash
- 64efb1caff3f9a5d7f5b46bb43d2ddeab3ac83c24712102e4cd094435371ebb0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skill-trigger-v2 Version: 2.1.4 The skill bundle contains highly irregular hardcoded absolute file paths pointing to a specific local user environment ('/Users/macmini/') in setup/wizard.py and make_doc_correct.py, which would cause the skill to fail or behave unpredictably on other systems. Furthermore, setup/wizard.py utilizes subprocess.run to execute shell commands that parse internal configuration files (~/.openclaw/workspace/.lib/skill_index.json) to extract version metadata. While the core logic in skill_trigger_v2/core.py appears to be a legitimate weighted intent-matching system, the combination of hardcoded environment assumptions and shell-based configuration parsing is a significant security and stability concern.
- External report
- View on VirusTotal