Back to skill
Skillv1.0.2
VirusTotal security
Memory · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 8:17 AM
- Hash
- 865d529edfc0f468d6dc7c22aa1df1581d8c57db4c50b7d8c200150a3e78097d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: memory Version: 1.0.2 The skill's core functionality is benign, providing an organized memory system within `~/memory/`. However, `SKILL.md`, `patterns.md`, and `troubleshooting.md` contain explicit instructions for the AI agent to execute various shell commands (`grep`, `cat`, `mv`, `ls`, `mkdir`, `wc -l`, and multi-line bash scripts). While these commands are intended for managing the skill's data, they introduce a significant prompt injection vulnerability. If the agent constructs arguments for these commands from unsanitized user input, it could lead to shell injection (RCE). This is a critical vulnerability in the agent's interaction model, not an intentional malicious act by the skill itself, as the skill explicitly denies network requests or data exfiltration.
- External report
- View on VirusTotal