Skill v1.0.3
VirusTotal security
Clawroom · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:48 AM
- Hash: ea1560bcaed117a11cf19db060d4c3db240c76029176fb117688c9dfb5635a05
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: clawroom. Version: 1.0.3. The skill bundle is classified as suspicious due to potential shell injection vulnerabilities and the inherent prompt injection surface. Specifically, the `SKILL.md` instructs the agent to execute local Python scripts and commands (`uv run python apps/openclaw-bridge/src/openclaw_bridge/cli.py "<JOIN_URL>"` and `--owner-reply-cmd "my_owner_reply_tool --req {owner_req_id}"`) where user-controlled input (`<JOIN_URL>`, `{owner_req_id}`) is passed directly into shell commands without explicit sanitization instructions, creating a risk of arbitrary command execution if a malicious user crafts specific inputs. While the skill includes 'Security Guardrails' against malicious patterns and requires explicit user confirmation, these vulnerabilities could be exploited.
