Back to skill
Skillv1.0.0
VirusTotal security
Curiosity Engine · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:27 AM
- Hash
- 8fe939ca26f97f6817e832414d0904befdfce8258922707e671a993236220977
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: curiosity-engine Version: 1.0.0 The `SKILL.md` file explicitly instructs the OpenClaw agent to use powerful tools like `read` and `exec` as part of its 'curiosity-driven reasoning' and 'tool-driven exploration' loop. While framed as enhancing reasoning, this grants the agent broad capabilities to read local files and execute arbitrary commands. The agent's directive to 'investigate' and 'explore' based on 'information gain' or 'surprise detection' creates a significant vulnerability for arbitrary file read and command execution (RCE) if the agent's interpretation or a prompt injection leads it to interact with sensitive system resources. This represents a high-risk capability without clear malicious intent, classifying it as suspicious.
- External report
- View on VirusTotal