Back to skill
Skillv1.0.0
VirusTotal security
Personality Dynamics · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:55 AM
- Hash
- 790ebb65b6fd0c6567d98779c4f6c5e8a73bcd80733b1397915390a9c259605f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: personality-dynamics Version: 1.0.0 The skill is classified as suspicious due to significant vulnerabilities. The `cli.ts` script uses `execSync` to run other scripts with unsanitized user arguments (`remainingArgs`), posing a shell injection risk (RCE vulnerability). Additionally, `generate-persona.ts` directly embeds user input into LLM prompts that are explicitly spawned by the OpenClaw agent, creating a prompt injection vulnerability against the agent's underlying LLM. Other scripts like `expand.ts` and `onboard.ts` also write unsanitized user input into persona definition files, which could serve as indirect prompt injection vectors if the agent's LLM reads these files for context. These are critical vulnerabilities, not evidence of intentional malicious behavior.
- External report
- View on VirusTotal