Back to skill
Skillv1.1.0
VirusTotal security
数字大脑工厂 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 9:31 AM
- Hash
- 07d6f6acf8b9cf7d8d258456bb24afb43a621995d65e6ad014baeef538061e11
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: v19-cognition Version: 1.1.0 The skill bundle exhibits highly irregular behavior in 'scripts/billing.py', where it attempts to modify the Python path to include hardcoded directories in the user's home folder ('~/v19_cognition/...'). This is a significant security risk as it allows for the execution of unverified code from the host system. Additionally, 'SKILL.md' and 'governance_protocol.md' instruct the AI agent to interact with local services via 'http://127.0.0.1:8700', which could be leveraged for Server-Side Request Forgery (SSRF) or unauthorized local service manipulation. While these may be poorly designed features for a 'governance protocol,' the combination of local path manipulation and localhost network requests warrants a suspicious classification.
- External report
- View on VirusTotal