Back to skill
Skillv0.1.0
VirusTotal security
Archon Vault · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:34 AM
- Hash
- 72f2942ebee843006028691e80521a1921704f2edaee597ad64477ac6bf6ba87
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: archon-vault Version: 0.1.0 The skill is classified as suspicious due to multiple critical shell injection vulnerabilities across several scripts. User-controlled arguments are passed directly to `npx` commands (e.g., in `scripts/vaults/*.sh`) and directory paths are constructed from user input without sanitization (e.g., `TARGET_DIR` in `scripts/backup/disaster-recovery.sh` and `scripts/backup/restore-from-vault.sh`), potentially allowing arbitrary command execution or directory traversal. While the skill's stated purpose of backing up agent data is legitimate and it attempts to exclude sensitive files, these vulnerabilities represent significant security flaws that could be exploited by a malicious user or a compromised agent.
- External report
- View on VirusTotal