Skill v0.2.1
VirusTotal security
RescueClaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review: May 1, 2026, 4:31 AM
- Hash: b5fab923646c8a45f2be9b9dbbc4a7e5862688fcb8f6174e8bd6467d9acca54c
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: rescueclaw; Version: 0.2.1. The skill is classified as suspicious due to its use of `execSync` in `install.js` to download and execute an external binary from GitHub, and in `rescueclaw-checkpoint.js` to interact with the installed daemon. While these actions are part of the skill's stated purpose (installing a checkpointing daemon), downloading and executing external code via shell commands (`curl`, `tar`) is a high-risk operation and a potential supply chain vulnerability. Additionally, the `SKILL.md` demonstrates the agent's ability to execute arbitrary shell commands via `exec`, which, if not properly sandboxed, presents a significant prompt injection vulnerability for the agent itself, even though the skill does not maliciously exploit it.
