Back to skill
Skillv1.0.1
VirusTotal security
ai-learning-journal AI学习助手 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:57 AM
- Hash
- 50f863e1bd56cb8f8f3875f55f264ac1f4f73f30aa460fc9ab2ed08041afc456
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-learning-journal Version: 1.0.1 The skill `ai-learning-journal` is designed to manage AI learning notes, which inherently requires file system interactions. The `SKILL.md` instructs the AI agent to use `create_file` and `replace_string_in_file` to store and update markdown files within its own skill directory (`~/.copilot/skills/ai-learning-journal/records/`). While the instructions explicitly confine file operations to this directory, the presence of file write/read capabilities (even for legitimate purposes) introduces a potential vulnerability for path traversal or arbitrary file write/read if the underlying OpenClaw agent's file system functions do not robustly sanitize user-provided input used in filenames or paths. There is no evidence of intentional malicious behavior such as data exfiltration, unauthorized execution, or persistence mechanisms instructed by the skill itself, but the high-risk nature of file system access warrants a 'suspicious' classification due to potential vulnerabilities in the agent's implementation.
- External report
- View on VirusTotal