Back to skill
Skillv0.1.0
VirusTotal security
Pve Automation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:10 AM
- Hash
- ea2fc211e873af3889aa03a7a176390f9276231d174b947302b5bbb9a3bb90ce
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pve-automation Version: 0.1.0 The skill bundle provides extensive automation for Proxmox VE, encompassing highly privileged operations such as VM/LXC lifecycle management, storage, network, and user permissions. The `scripts/pve_client.py` contains a critical vulnerability by disabling SSL certificate verification (`verify=False`), which exposes the client to Man-in-the-Middle attacks. Although this vulnerability is acknowledged in `README.md` as suitable only for trusted internal environments, it represents a significant security flaw. The `SKILL.md` itself, while describing powerful capabilities, also outlines numerous safety practices and does not contain explicit prompt-injection instructions for malicious actions like data exfiltration or backdoor installation. The classification is 'suspicious' due to the severe SSL vulnerability, not due to malicious intent.
- External report
- View on VirusTotal