Back to skill
Skillv1.0.0
VirusTotal security
claw-turbo · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 9, 2026, 4:21 AM
- Hash
- 3753a31eb81ffe30b911e59730f161c5407cb42f70eef23c2e296a5c339d87dd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claw-turbo Version: 1.0.0 The skill bundle describes a middleware ('claw-turbo') designed to intercept user commands via regex and execute shell commands directly to bypass LLM latency. This architecture introduces a significant Remote Code Execution (RCE) risk, as seen in 'routes.example.yaml', which demonstrates passing the '{{raw_message}}' variable directly into bash scripts without sanitization. While the stated intent is performance optimization, the tool functions as a transparent proxy that executes arbitrary system commands (e.g., systemctl, journalctl) based on unvalidated input, creating a high-risk attack surface.
- External report
- View on VirusTotal