Skill v3.1.3
VirusTotal security
openclaw-skill-manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict: Suspicious (Apr 17, 2026, 9:21 AM)
- Hash: bc460c648a2c56434474ba9db3dcc7ecf3d20b1a36d2c684ba6eb6261c82c456
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: openclaw-skill-manager; Version: 3.1.3. The skill bundle functions as a meta-manager for the OpenClaw environment, possessing high-risk capabilities such as modifying core configuration files (~/.openclaw/openclaw.json), restarting the system gateway, and installing code from arbitrary remote URLs via 'curl | tar' (SKILL.md). While these actions align with the stated purpose of managing skills, the instructions rely heavily on shell command templates with unvalidated placeholders (e.g., <source>, <用户输入路径>), which creates a significant surface for command injection and unauthorized code execution. The ability to download and extract remote payloads into the skill directory is a high-risk pattern that warrants caution.
