Skill v1.0.0

VirusTotal security

MagicBox node service development skill pack · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 4:35 AM
Hash
33d88e9bb1f8f904a254b2f6bc99a3f9ebfc8f6baa29400db0280e59af1155d9
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: magicbox-node-dev
Version: 1.0.0

The skill is classified as suspicious due to critical vulnerabilities found in `Dockerfile.base`. The `ENTRYPOINT` command starts `sshd` and `crond` services within the container, significantly increasing the attack surface and potential for unauthorized remote access or persistence. Additionally, `chmod 777` is applied to `/export/Data` and `/home/export/App/`, granting overly permissive write access. While there is no evidence of intentional data exfiltration or prompt injection against the agent, these practices introduce severe security risks.