Back to skill
Skillv0.2.0
VirusTotal security
clawpacker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 7:06 AM
- Hash
- b25f2194d3a89aad02b82733426097dbee4452f2889e22343ea15a5190836cef
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawpacker Version: 0.2.0 The SKILL.md file functions as a dynamic instruction loader, explicitly directing the AI agent to fetch and follow instructions from external URLs (raw.githubusercontent.com/cogine-ai/clawpack/...) instead of using local code. This pattern bypasses static analysis and creates a significant risk of remote instruction injection, where an attacker controlling the remote repository could execute arbitrary commands or exfiltrate data through the agent.
- External report
- View on VirusTotal