Back to skill
Skillv0.1.6
VirusTotal security
Openclaw Skill Ansible · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:14 AM
- Hash
- 128c90a3bc864bbe32de1d98d89b0d534d37ed3a103225190c6d652ee3e92e9f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-skill-ansible Version: 0.1.6 The bundle implements a distributed coordination mesh with high-risk administrative capabilities, specifically remote command execution (run-cmd.sh) and remote skill deployment (deploy-skill.sh). While these actions are protected by multi-layered security gates—including environment variable toggles (OPENCLAW_ALLOW_HIGH_RISK), caller allowlists in src/handler.py, and SHA256 integrity checks for remote artifacts—the inherent capability to download and execute code or run shell commands across a mesh of gateways is high-risk. The documentation (SKILL.md and docs/) outlines a legitimate 'MeshOps' purpose with a 'Ring of Trust' governance model, suggesting these features are intended for orchestration rather than malice, but the potential for abuse remains significant.
- External report
- View on VirusTotal