Back to skill
Skillv1.0.0
VirusTotal security
Openclaw Pixel Agents Dashboard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:50 AM
- Hash
- d8fb093629ce654804985f98ccb9757d21857f234f868f090a797ba664e9b0ee
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-pixel-agents-dashboard Version: 1.0.0 The skill bundle provides a legitimate-looking pixel art dashboard for OpenClaw, but it contains several high-risk implementation patterns that create a significant attack surface. Specifically, 'server/services.ts' and 'server/hardware.ts' use 'execSync' to execute shell commands (including 'systemctl' and 'ssh') constructed directly from unsanitized configuration values, which is a classic shell injection vulnerability. Furthermore, 'server/version.ts' includes functionality to perform global system modifications via 'npm update -g'. While these capabilities are aligned with the stated purpose of service management and hardware monitoring, the lack of input validation and the use of 'sshpass' for credential handling make the bundle highly risky for deployment in environments where the configuration file might be influenced by untrusted data.
- External report
- View on VirusTotal