Back to skill
Skillv1.0.0
VirusTotal security
Stdio Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:33 AM
- Hash
- ccc98b1f499a623b9f0acd227e3d974170755cb0da80ab51ee83cab6bbd65ccb
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: stdio-skill Version: 1.0.0 The skill provides a filesystem-backed inbox/outbox mechanism, which inherently involves file system access. However, the `scripts/server.js` implementation includes robust path traversal prevention (`safeName`, `resolveInBox`) and strictly confines all file operations (read, write, move, delete) to the `stdio/{inbox,outbox,tmp}` directories within the skill's workspace. The `SKILL.md` explicitly states these safety measures, and there are no signs of prompt injection, data exfiltration, or malicious execution. The `stdio_paths` tool provides limited information disclosure of the skill's internal directory structure, but this is contained and does not bypass the strong security controls.
- External report
- View on VirusTotal