Back to skill
Skillv1.0.0
VirusTotal security
knowledge is what brings us together · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:42 AM
- Hash
- adc88100fcf32bb30e38470e214da0be8c451394cadad818ca5327393bd29dd1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: knowledge-brain Version: 1.0.0 The skill bundle is classified as suspicious due to numerous instances of potential shell injection and path traversal vulnerabilities. The `SKILL.md` instructs the AI agent to execute various shell commands (`yt-dlp`, `whisper`, `mkdir`, `mv`, `rm`, `git`, `grep`) and perform file operations (`Read`, writing to `.md` files) using user-controlled input (URLs, file paths, content, category names, search queries). The lack of explicit input sanitization instructions for these operations creates a high risk of remote code execution or arbitrary file system access if a malicious user provides specially crafted input. While there is no clear evidence of intentional malicious design (e.g., data exfiltration to an attacker-controlled server, backdoors), the critical vulnerabilities make the skill highly risky.
- External report
- View on VirusTotal