Back to skill
Skillv1.0.0
VirusTotal security
OpenClaw AntSeed · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:37 AM
- Hash
- d7c3cb43832856d5790f77b98f6e18d50699ec5840189370424ebe2767f46a4f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-antseed Version: 1.0.0 The `scripts/setup.sh` file contains critical shell injection vulnerabilities. User-provided arguments such as `--model`, `--model-name`, `--port`, `--bootstrap`, `--context-window`, and `--max-tokens` are directly embedded into Python scripts executed via `python3 -c "..."` and into the `ExecStart` command of a systemd service file without proper sanitization. This allows for arbitrary code execution if an attacker can control the input arguments to the script.
- External report
- View on VirusTotal