Skill v1.0.2
VirusTotal security
BMad Method · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:22 AM
- Hash: 08c1be9c72d3ab8d2aee065b067b666e98442651b6fad0bb3775914be4a9a9de
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: lb-bmad-skill. Version: 1.0.2. The skill is classified as suspicious due to explicit instructions in `SKILL.md` for the AI agent to use `--dangerously-skip-permissions` or `--permission-mode bypassPermissions` with `claude` commands. This disables critical security safeguards, creating a severe Remote Code Execution (RCE) vulnerability via prompt injection, as an attacker could then execute arbitrary commands without user confirmation. Additionally, the use of `bash pty:true` and `pkill -f` commands, while potentially for legitimate automation, further increases the attack surface if the agent is compromised. There is no clear evidence of intentional malicious behavior like data exfiltration or backdoor installation, but the deliberate disabling of security features for convenience constitutes a high-risk vulnerability.
