Back to skill
Skillv0.4.0
VirusTotal security
Remote Disk Mount · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:39 AM
- Hash
- aa0ea1c9699952a2ff28a69fbf1a91fabb56f1b1f0f205a0a2242f8881a09696
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: remote-disk-mount Version: 0.4.0 The skill aims to mount remote disks, which inherently involves privileged operations and handling user credentials. While the SKILL.md provides explicit security guidelines and a checklist for the agent to follow (e.g., user confirmation for sudo, deleting sensitive credential files), the SMB mounting method instructs the agent to write user-provided passwords to `/root/.smbcredentials` using `sudo tee`. Although `chmod 600` is applied and deletion is instructed, this temporary storage of credentials in a privileged location, combined with the use of `sudo apt install -y` and the general risks of mounting untrusted remote storage, presents a vulnerability if the agent fails to strictly adhere to the security instructions. There is no evidence of intentional malicious behavior like data exfiltration or backdoors, but the credential handling and privileged operations elevate it beyond benign.
- External report
- View on VirusTotal