Skill v0.4.2
VirusTotal security
Coding PM · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review May 1, 2026, 4:46 AM
- Hash: 18664c48d28e0e7bfffc4a358d403c598112ba5919ecedbd16bd4e99741d4bb2
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: coding-pm; Version: 0.4.2. The skill is designed with a benign intent to manage a coding agent, and it includes several guardrails (e.g., dangerous pattern scanning, human-in-the-loop, explicit safety rules in `supervisor-prompt.md` to prevent modification of sensitive files or access outside the worktree). However, it explicitly enables highly permissive execution for the underlying Claude Code agent by requiring `tools.fs.workspaceOnly = false` (allowing filesystem access outside the OpenClaw workspace) and using `--dangerously-skip-permissions` in all `claude` invocations within `SKILL.md`. This flag, as noted in `SKILL.md`, 'may override --allowedTools restrictions', creating a significant vulnerability where a successful prompt injection against the Claude Code agent could lead to arbitrary code execution (RCE) and broad filesystem manipulation on the host system, despite the best-effort guardrails.
