Back to skill
Skillv0.1.2
VirusTotal security
Coala Client · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:16 AM
- Hash
- 718d1e491032b1fb39b3eca692864d87535fe1d983e41cbbd36f75853f259074
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: coala Version: 0.1.2 The `SKILL.md` file describes the `coala-client` tool's ability to import MCP toolsets and skills from arbitrary HTTP(S) URLs. Specifically, `coala mcp-import` and `coala skill` commands allow fetching `.cwl` files, `.zip` archives, or skill directories from remote locations. This introduces a significant supply chain risk and potential remote code execution (RCE) vulnerability, as the AI agent could be prompted to download and process untrusted remote content, even though the skill itself does not demonstrate malicious intent.
- External report
- View on VirusTotal