Back to skill
Skillv1.0.2
VirusTotal security
R4 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:40 AM
- Hash
- 86488b30ab5e59429060220ee23d7493acd36d3ef309cfca990090a2e906bf54
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: r4 Version: 1.0.2 The skill grants the AI agent highly privileged capabilities, including the ability to execute arbitrary shell commands (`r4 run -- <command>`) with all vault secrets injected as environment variables, and to manage domains (purchase, modify DNS records) via `curl` commands to `r4.dev`. While these capabilities are presented as legitimate tools for the agent's operation and the `SKILL.md` includes defensive security rules, the power to run arbitrary code with secrets and control domain infrastructure represents a significant attack surface. A compromised agent (e.g., via prompt injection) could leverage these capabilities for data exfiltration or service disruption, classifying it as suspicious due to high-risk functionality without explicit malicious intent from the skill developer.
- External report
- View on VirusTotal