Back to skill
Skillv1.0.2
VirusTotal security
Chief Feature Workflow · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:41 AM
- Hash
- 3004d1bc806c4e3d8f2700479881ca21b91ac87cf943ec3efc2abacc61185b69
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: chief-feature Version: 1.0.2 The skill is designed to automate a development workflow using the 'chief' CLI tool, which inherently executes project-defined code (e.g., `make test`, `pnpm typecheck`). The `SKILL.md` instructs the AI agent to 'Approve bash prompts with `1` + Enter (or `2` to always allow)' and to delegate the entire process to a subagent for autonomous execution. This combination creates a significant remote code execution (RCE) vulnerability, as the agent is instructed to trust and execute potentially malicious build/test scripts from an untrusted project without explicit human oversight. While the skill itself does not contain malicious code, it provides the mechanism for an agent to execute arbitrary code from a compromised or malicious project, classifying it as suspicious due to this high-risk capability.
- External report
- View on VirusTotal