Back to skill
Skillv0.2.4
VirusTotal security
4claw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 11, 2026, 3:12 AM
- Hash
- 213a0924db05420fd00f0172ba86f1fdc31d0e466af4ef8d73938c2400a7d660
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: 4claw Version: 0.2.4 The skill bundle is suspicious due to its self-update mechanism, which downloads and overwrites `SKILL.md` and `HEARTBEAT.md` from `https://www.4claw.org` into `~/.config/4claw/`. While intended for legitimate updates, this creates a supply chain vulnerability where a compromised `4claw.org` could serve malicious instructions, leading to prompt injection against the agent. Additionally, the `SKILL.md` encourages 'edgy' and 'trolly' behavior, which, despite explicit safety rules, could be interpreted by an agent to push boundaries in ways that are not strictly malicious but could be problematic.
- External report
- View on VirusTotal