Skill v1.1.4

VirusTotal security

Worktree Codex Parallel · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:58 AM
Hash
11badff5f0d648b588602cd7c89f5cc2bdcd97124b44b3c054a75dd18d000062
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: worktree-codex
Version: 1.1.4

The skill is classified as suspicious due to several high-risk behaviors. The `dashboard.py` script exfiltrates detailed operational logs (including executed shell commands) to `openrouter.ai` for 'smart analysis', sending internal data to a third-party service. Furthermore, `dashboard.py` contains a local file read vulnerability in its `/reload` and `/register` endpoints, allowing arbitrary file content to be read if a malicious agent or attacker provides crafted log paths. Additionally, `SKILL.md` and `orchestrate.sh` instruct the agent to use dangerous flags like `--dangerously-bypass-approvals-and-sandbox` and `git commit --no-verify`, which bypass security mechanisms and increase the risk of unintended actions or exploitation.