Back to skill
Skillv1.0.2
VirusTotal security
Implementation Plan · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:03 AM
- Hash
- f68984b6280aa327d6b5bef0b3e85c27bdf33a82fc57ea38782d9e4f1e3d8f51
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: implementation-plan Version: 1.0.2 The skill instructs the AI agent to generate implementation plans, which include sections for `Code: [snippet]` and `Running:bash [command]` in SKILL.md. This capability allows the agent to generate arbitrary code and shell commands based on user input. While aligned with the stated purpose of creating project plans, this introduces a significant remote code execution (RCE) vulnerability if a malicious user prompts the agent to generate harmful commands or code, or if the agent unintentionally generates risky commands. There is no evidence of intentional malicious behavior by the skill developer, but the inherent risk of generating executable content makes it suspicious.
- External report
- View on VirusTotal