Back to skill
Skillv1.0.0
VirusTotal security
Code QC · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:07 AM
- Hash
- 98c34dc56c2a9a36845f736ba871d3cbf8b76008de970a9b1c2ded550cc9e1cb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: code-qc Version: 1.0.0 The skill bundle is designed for legitimate code quality control, involving extensive execution of external tools (linters, test runners, type checkers) and custom Python scripts. The primary reason for 'suspicious' classification is the inherent risk of the AI agent being instructed to generate and execute code (smoke tests) from the target codebase, as detailed in SKILL.md and language profiles. Additionally, `scripts/import_check.py` directly executes top-level code of modules it imports. While these actions are necessary for a comprehensive QC audit, they represent a significant vulnerability (potential RCE) if the target codebase is malicious or if the AI's code generation process is compromised. There is no evidence of intentional malicious behavior such as data exfiltration, persistence, or obfuscation within the skill bundle itself.
- External report
- View on VirusTotal