Back to skill
Skillv1.0.3
VirusTotal security
Adversarial Verification · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 4, 2026, 10:16 PM
- Hash
- 7fd53bc2424a9914f4b653430dec0f59a45b0bacccc942b905ee2f5f10d02d65
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: adversarial-verification Version: 1.0.3 The skill is designed for rigorous code testing but utilizes high-risk execution methods. Specifically, 'scripts/simple-verify.js' uses 'child_process.execSync' with 'shell: true' to perform actions like 'npm install' and executing node scripts on target paths, which presents a significant risk of Command Injection or RCE if the agent is directed toward untrusted directories. Furthermore, 'SKILL.md' contains complex behavioral instructions ('Recognize Your Own Rationalizations') designed to manipulate the AI agent's decision-making process; while intended to ensure testing rigor, this represents a sophisticated prompt-injection surface that overrides default agent logic.
- External report
- View on VirusTotal