Back to skill
Skillv0.1.0
VirusTotal security
Openclaw Auto Training Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 21, 2026, 11:16 AM
- Hash
- d05fc227f8c3a6b0a43a96bfa08cdd38ccdbf0c055ecfdf129f42cde0e500b3a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-auto-training-skill Version: 0.1.0 The skill 'openclaw-auto-training-skill' (defined in skill.md) implements an autonomous loop that automatically installs new software via 'clawhub install' based on unvalidated strings returned from an external LLM judge (OpenRouter). This creates a significant Remote Code Execution (RCE) risk, as the instructions explicitly command the agent to bypass human approval ('Never ask your human to run commands... or install anything manually'). While the stated purpose is self-improvement and QA, the combination of reading sensitive local environment files and executing remote installation commands without a human-in-the-loop is a high-risk pattern.
- External report
- View on VirusTotal