Back to skill
Skillv1.0.0
VirusTotal security
Code Cache · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:51 AM
- Hash
- e14fd28e65ffa3671960abb9a4933fd0523fcf3dae3f4988fce3ac3132489dcb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: code-cache Version: 1.0.0 The skill is classified as suspicious due to its inherent high-risk capabilities, which, while aligned with its stated purpose, present a significant attack surface for misuse. The `code_cache.py` script allows reading arbitrary local files (via `cmd_upload`) and writing arbitrary code received from the Raysurfer API to local files (via `cmd_files`). These operations, coupled with network communication to a third-party API (raysurfer.com), could be exploited through prompt injection against the AI agent to exfiltrate sensitive local files, perform arbitrary file writes, or execute untrusted code. There is no clear evidence of intentional malicious behavior by the skill developer, but the broad permissions and powerful file system interactions warrant a 'suspicious' classification.
- External report
- View on VirusTotal