Back to skill
Skillv1.0.0
VirusTotal security
Ichiro-Mind · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:23 AM
- Hash
- 3e3be90c996e4239dc9f54f95b8096d83d51684959023b49c06c1f7bc05f8af1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ichiro-mind Version: 1.0.0 The skill bundle implements a sophisticated 4-layer memory system but contains a critical command injection vulnerability in the CLI wrapper script `scripts/ichiro-mind.sh`. The script embeds unsanitized shell variables (e.g., `$content`, `$query`) directly into Python string literals via `python3 -c`, allowing for arbitrary Python code execution if crafted input is provided. While the core logic in `core/__init__.py` and the MCP server in `mcp/server.py` appear functional and lack clear malicious intent, the presence of this RCE risk in a primary component warrants a suspicious classification.
- External report
- View on VirusTotal