Back to skill
Skillv1.0.0
VirusTotal security
Sovereign Codebase Onboarding · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:25 AM
- Hash
- 857f062e4c7b0fadb6009b121bcb7271467db1d976169674fdaecbfc9dd9613c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: sovereign-codebase-onboarding Version: 1.0.0 The skill is designed for comprehensive codebase analysis and onboarding, which inherently requires broad access to the file system (reading various configuration files, source code, and directory listings) and the ability to generate 'copy-paste commands' for setup and common tasks. While these capabilities are necessary for its stated, benign purpose, they present a significant attack surface for prompt injection. A malicious user could potentially craft a prompt to instruct the AI agent to read sensitive files outside the intended scope or generate and suggest harmful commands, making the skill 'suspicious' due to its exploitable capabilities, rather than 'malicious' as it does not contain explicit instructions for intentional harmful behavior within its own definition.
- External report
- View on VirusTotal