Skill v1.0.0
VirusTotal security
Tsz · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:06 AM
- Hash: c472e6d6eb055212cb5686b8505000d7cdded6f8b0b32fd05ce963ebe4077361
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: hi. Version: 1.0.0. The skill is designed for agent self-improvement and free AI model management, which are benign goals. However, the `scripts/extract-skill.sh` file, intended for creating new skill scaffolds, accepts an `--output-dir` argument without sufficient sanitization. If an AI agent were to be maliciously prompted (prompt injection) to execute this script with a sensitive or arbitrary path for `--output-dir`, it could lead to unauthorized file writes, potentially resulting in remote code execution or data corruption. This represents a significant vulnerability, classifying the skill as 'suspicious' rather than 'malicious' due to the lack of clear evidence of intentional harmful behavior within the script itself.
