Back to skill
Skillv1.0.0
VirusTotal security
apollo-evolution · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 8, 2026, 2:41 PM
- Hash
- 7fd32cb88e2eb266d176cb1a0290805c278d95ba382ebad135109c2d9ec79669
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: apollo-evolution Version: 1.0.0 The skill bundle implements a framework for 'evolving' skills through copying and mutation, but it contains a path traversal vulnerability in `scripts/apollo-evolution/evolution.sh`. The `cmd_copy` and `cmd_mutate` functions use an unsanitized `skill_name` argument to construct file paths, which could allow an agent to read arbitrary system files by copying them into the `.memory` directory (e.g., using `../../etc/passwd` as a skill name). While the behavior aligns with the stated purpose in `SKILL.md`, the lack of input validation and the high-privilege capability to manipulate other skills' source code are significant security risks.
- External report
- View on VirusTotal