Back to skill
Skillv1.0.0
VirusTotal security
Workspace Indexer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:47 AM
- Hash
- 9491fc033509e2137af351c029edf3713c027dae836d7a74a0333ac22174f5ba
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: workspace-indexer Version: 1.0.0 The skill's stated purpose of indexing workspace directories is benign, and the instructions in SKILL.md align with this goal. However, the skill explicitly requires and instructs the use of the 'exec' tool (as seen in skill.json and SKILL.md) for tasks like 'scanning workspace directory structure' and 'checking for running services/containers'. While these actions are plausible for an indexer, the 'exec' tool, if unconstrained or improperly handled by the AI agent, presents a significant vulnerability for arbitrary command execution. There is no evidence of intentional malicious behavior, but the reliance on a powerful and potentially dangerous tool makes this skill suspicious due to the inherent RCE risk.
- External report
- View on VirusTotal