Back to skill
Skillv0.1.5
VirusTotal security
Python Executor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:31 AM
- Hash
- 5e8fc2c62dd9ec2bacb1ab5ce05ca1b29c79a8996c9af00915f9543c8f99b58e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: python-executor Version: 0.1.5 The skill allows the AI agent to execute arbitrary Python code within a sandboxed environment via `infsh app run`. The `allowed-tools: Bash(infsh *)` permission is broad, granting the agent the ability to execute any `infsh` command. While the `SKILL.md` claims a 'safe sandboxed environment' and does not contain explicit malicious instructions for the agent, the inherent capability to execute arbitrary code (even if sandboxed) and the broad `infsh` permissions present a significant risk if the agent were to be compromised via prompt injection, potentially leading to the execution of malicious Python code or other `infsh` commands.
- External report
- View on VirusTotal