Back to skill
Skillv1.0.1
VirusTotal security
Frugal Orchestrator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:36 AM
- Hash
- feb83d3be8e338a9505f69100b60f4647a506980a7960fa628c78f8a9170ab57
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: frugal-orchestrator Version: 1.0.1 The bundle provides a comprehensive orchestration framework with high-risk capabilities, including automated shell command execution and script management. Significant vulnerabilities exist in `batch_processor.py`, which uses `subprocess.run(shell=True)` on task inputs, and `auto_router.py`, which dynamically constructs `curl` commands; both patterns are susceptible to shell injection and RCE. While these are critical security flaws, they appear to be unintentional vulnerabilities within a functional toolset rather than intentional malware. Additionally, `phase5_automation.sh` performs `git push` operations, indicating the skill expects high-privilege access to the local environment.
- External report
- View on VirusTotal