Back to skill
Skillv1.0.2
VirusTotal security
Private Bridge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:30 AM
- Hash
- f93ef3d4757417cda05236bf36f49372d8b94323262014a556e01d30c50d15d9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: private-bridge Version: 1.0.2 The skill provides powerful remote control capabilities, including executing AI prompts, triggering workflows, and restarting the OpenClaw process, as defined by the `OpenClawRuntime` interface in `capabilities.ts` and implemented in `relayClient.ts`. While these capabilities are transparently declared in `SKILL.md` and `README.md` and align with the stated purpose of remote management, they inherently introduce a significant attack surface. If the remote relay server (e.g., `wss://relay-terminal-cloud.fly.dev`) is compromised, or if the host OpenClaw runtime's implementation of `executePrompt` or `executeWorkflow` is not adequately sandboxed, these declared functionalities could be exploited for remote code execution or unauthorized system manipulation. There is no evidence of intentional malicious behavior such as unauthorized data exfiltration, persistence mechanisms, or obfuscation within the skill's code or documentation.
- External report
- View on VirusTotal