Back to skill
Skillv1.4.1
VirusTotal security
Sdd Dev Workflow · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:43 AM
- Hash
- 155529f5e59f0a53aedd67460630e74b70ffebe758c7922d92abda6ce2ab0a49
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: sdd-dev-workflow Version: 1.4.1 The skill bundle implements a highly automated 'Specification Driven Development' workflow with high-risk capabilities. Key indicators include scripts like `scripts/sdd-driver.sh` and `references/dependency-installation.md` that perform 'zero-attention' automatic installation of packages via `apt`, `pip`, and `npm`. Furthermore, the driver script uses `tmux` to programmatically control the `claude-code` agent, including logic to automatically detect security prompts ('Do you want to proceed?') and bypass them by sending simulated 'Yes' inputs. While these behaviors are documented as features for autonomous operation, the ability to execute arbitrary system commands and bypass interactive security confirmations represents a significant attack surface if the agent is compromised or given malicious instructions.
- External report
- View on VirusTotal