Skill v1.0.0
VirusTotal security
KinthAI Self-Improving User · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 10, 2026, 3:11 PM
- Hash: d598165296a80a7447d7d82af3b1743a6cf627d19dd791518432bd9e3c6fe1df
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: kinthai-self-improving-user
  - Version: 1.0.0
  - The skill implements a per-user memory system by reading and writing files in the workspace. It is classified as suspicious due to potential path traversal and command injection vulnerabilities in `hooks/openclaw/handler.js`. Specifically, the `userId` extracted from `event.context.SenderId` is used to construct file paths and bash commands without sufficient sanitization. While the logic is aligned with the stated purpose of self-improvement, the reliance on the AI agent to enforce privacy boundaries and the lack of input validation on the `userId` pose security risks. Additionally, the README.md references several shell scripts (e.g., `promote.sh`, `activator.sh`) that are missing from the provided bundle.
