Back to skill
Skillv0.1.0
VirusTotal security
HostLink · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 4, 2026, 3:52 PM
- Hash
- 0ba566fab7b76bc1f4430aabd3dd67f70cfb80cf68389e1c86e1ce9cb05395c2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hostlink Version: 0.1.0 The 'hostlink' skill provides a mechanism for the AI agent to execute arbitrary shell commands on the host machine from within the container, effectively bypassing container isolation. While the documentation (SKILL.md and references/setup.md) presents this as a utility for host-side tool management (e.g., Docker, GPUs), it grants the agent full RCE capabilities on the host, often with root privileges. This is an inherently high-risk capability that could be abused for host compromise, although no specific evidence of malicious exfiltration or hidden backdoors was found in the provided files.
- External report
- View on VirusTotal