Skill v1.0.0
VirusTotal security
Sovereign Project Guardian · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:24 AM
- Hash: 02954645b6ec328dd585c9b37c03e1ee869d05a037d76910e51779dcb5b9c071
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: sovereign-project-guardian. Version: 1.0.0. The skill is designed to audit project health, including security vulnerabilities like hardcoded secrets and insecure dependencies. While its intent is benign, the `SKILL.md` instructs the AI agent to 'recommend running `npm audit`, `pip-audit`, `govulncheck`, `cargo audit`'. An agent might interpret this as an instruction to execute these external commands. If the agent's execution environment lacks robust input sanitization or sandboxing when running such commands, it could introduce a shell injection vulnerability, allowing for arbitrary command execution. This represents a significant vulnerability risk, classifying it as suspicious rather than benign, despite the lack of clear malicious intent for data exfiltration or persistence.
