Back to skill
Skillv3.1.0
VirusTotal security
Kannaka Memory · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:27 AM
- Hash
- ca2804946667bd4f2f60ffc9f5ffb99143521b66824c943bc5e3ad929c37c9ae
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: kannaka-memory Version: 3.1.0 The skill contains a critical shell injection vulnerability in the OpenClaw extension (`index.ts`) where user-provided content is passed to `execSync` with inadequate sanitization (simple quote escaping), allowing for arbitrary command execution via subshells (e.g., using `$(...)`). Additionally, the skill is designed to connect to a remote NATS server (`swarm.ninja-portal.com`) for 'swarm coordination,' which involves transmitting agent data to an external endpoint. While these behaviors are documented or appear to be architectural flaws rather than overt malware, the combination of remote data synchronization and RCE risk warrants a suspicious classification.
- External report
- View on VirusTotal