Back to skill
Skillv1.0.0
VirusTotal security
ARC Creator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:37 AM
- Hash
- 6f624db3776048b4f81fc69dcfe449df69954e8292cb5dfde6f8ca5297181888
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: arc-creator Version: 1.0.0 The skill is designed to manage research contexts, involving extensive file system operations (creating directories, copying files to user-specified paths) and network activity (Git pushes to a DataHUB). While these capabilities are necessary for its stated purpose, the `SKILL.md` instructs the agent to take user input for critical paths and command arguments (e.g., `ARC_PATH` in `scripts/create_arc.sh`, file copy destinations, `git config` values). This design creates a significant attack surface, as a malicious user could exploit the agent by providing crafted input to perform unintended file system manipulations or data exfiltration, even though the skill itself does not explicitly instruct the agent to act maliciously. The reliance on user input for sensitive operations without explicit sanitization instructions for the agent makes it suspicious.
- External report
- View on VirusTotal