Back to skill
Skillv1.0.0
VirusTotal security
Prefy · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:56 AM
- Hash
- 4cdcd213032dc0dcb16360c4a5bdfc0f4571d2103c3651db325e25cd7ce5f044
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: prefy Version: 1.0.0 The skill bundle is classified as suspicious due to the high-risk capabilities exposed in the `SKILL.md` file. The 'Server Management' section describes an API endpoint (`POST /api/v1/servers/command`) that allows sending arbitrary commands to a provisioned server. Specifically, the `shell <cmd>` command enables direct remote code execution (RCE), and the `cron add` command allows for scheduling arbitrary commands, creating a persistence mechanism. While these capabilities might be intended for legitimate server management, their exposure to an AI agent creates a significant attack surface, allowing for potential misuse, RCE, and backdoor installation on user-provisioned servers if the agent is compromised or misdirected.
- External report
- View on VirusTotal