Back to skill
Skillv1.2.1
VirusTotal security
Computer Use · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 3:13 AM
- Hash
- 813c0b1fdf3d87eccb80ffaecef13ce9b54d7a07dc8d727faa7de7c08b3f22f9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: computer-use Version: 1.2.1 The skill bundle is designed for legitimate desktop control, but contains several security vulnerabilities. The most critical is `scripts/vnc_start.sh`, which starts an `x11vnc` server with the `-nopw` flag, allowing unauthenticated local access to the virtual desktop. While the recommended `setup-vnc.sh` script does not use this flag for its service, the presence of `vnc_start.sh` in the bundle introduces a significant risk if invoked. Additionally, `scripts/cursor_position.sh` uses `eval`, and scripts like `scripts/key.sh` and `scripts/hold_key.sh` pass user input directly to `xdotool`, which could be exploited via prompt injection or if `xdotool` has parsing vulnerabilities, allowing for potentially disruptive key sequences or commands.
- External report
- View on VirusTotal