Back to skill
Skillv0.1.0
VirusTotal security
ClawBio Orchestrator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:34 AM
- Hash
- f2a05ea4979543792b2a56ffda16689d9166bc67893d3c2e2b66492de132ed80
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawbio-orchestrator Version: 0.1.0 The skill is designed as a meta-agent for bioinformatics, with the `SKILL.md` providing clear, benign instructions and explicit safety rules against data exfiltration and unauthorized file access. However, the `orchestrator.py` script exhibits potential path traversal vulnerabilities in its `sha256_file` and `append_audit_log` functions. These functions directly use user-provided paths (`--input`, `--output`) without explicit sanitization, which could allow reading or writing files outside the intended working directory if the OpenClaw agent does not strictly enforce the path verification rules outlined in `SKILL.md`.
- External report
- View on VirusTotal