Skill v1.0.2
VirusTotal security
Genome Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:17 AM
- Hash: fd6128d536fc28fa85a1d16fa16592975294b6c9e5b0e303d605d60fa74bd198
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: genome-manager; Version: 1.0.2. The skill bundle is classified as suspicious due to a path traversal vulnerability in `scripts/genome_manager.py`. The `name` argument, used in commands like `create`, `get`, `mutate`, and `validate`, is directly incorporated into file paths (e.g., `GENOMES_DIR / f"{args.name}.json"`) without sanitization. This allows an attacker to use `../` sequences in the genome name to read or write files outside the intended `~/.openclaw/genomes/` directory. While this is a significant vulnerability, it is a flaw that *allows* attacks rather than code *designed* for malicious actions like data exfiltration or remote execution. No prompt injection attempts were found in `SKILL.md`.
