Skill v1.0.4

VirusTotal security

backstage companion · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review May 1, 2026, 3:56 AM
Hash: f07aa458fcf0043ff324036bc31ee92ccb33a2c8fcf7cea1c2d476d78674ebfd
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: backstage
Version: 1.0.4

This skill is highly suspicious due to a critical supply chain vulnerability and explicit prompt injection capabilities. The `update-backstage.sh` script clones a remote GitHub repository (`https://github.com/nonlinear/backstage`) and uses `rsync -av --delete` to copy its `checks/global/` directory into `$HOME/Documents/backstage/backstage/checks/global/`. The `checks.sh` script then executes all `.sh` files and interprets all `.md` files from this `$HOME` directory. This creates a direct remote code execution (RCE) vector, allowing the upstream repository maintainers to execute arbitrary code or inject malicious prompts into the AI agent.

Furthermore, `SKILL.md` contains explicit instructions to the AI agent to execute `osascript` and then `[STAY SILENT]`, demonstrating the ability to instruct the agent to perform actions and suppress its output, a technique often used for stealth and evasion in prompt injection attacks, even if the current use case (quitting VS Code) is benign.

While the skill explicitly warns users about its elevated privileges and risks, the combination of supply chain RCE and prompt injection with stealth capabilities makes it a severe security risk.