Back to skill
Skillv1.0.0
VirusTotal security
Task Supervisor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:55 AM
- Hash
- 59cc751a32e3d31cedd020075dacb0fed3ba89a7b7fbfe68b4063ad4cf38511e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: task-supervisor Version: 1.0.0 The skill is classified as suspicious due to its use of high-risk capabilities that, while seemingly intended for legitimate task management, create significant vulnerabilities. Specifically, the `SKILL.md` instructs the agent to use `exec` to create cron jobs, which is a powerful primitive allowing arbitrary command execution and establishing persistence. Furthermore, the `--message` argument for the `openclaw cron add` command acts as a prompt for a sub-agent, instructing it to read a file (`.tasks/<SLUG>.md`) and send its content via Feishu. This nested prompt injection surface, combined with file read and exfiltration capabilities, presents a critical vulnerability for data exfiltration if an attacker could manipulate the `TASK-SLUG` or inject into the cron message.
- External report
- View on VirusTotal