Back to skill
Skillv1.0.0
VirusTotal security
Clawdocs Improved · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:23 AM
- Hash
- d77a033aa3d317a08c0451dff8fc375ffe0535946f53eab3d67481a981a6cae5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawdocs-improved Version: 1.0.0 The skill bundle is classified as suspicious primarily due to a critical prompt injection vulnerability found in `SKILL.md`. The instruction `curl -fsSL https://openclaw.ai/install.sh | bash` directly instructs the AI agent to execute remote code, posing a severe risk of arbitrary code execution if the agent is prompted to follow this or a similar command with a malicious URL. Additionally, the skill leverages an agent platform with inherently powerful and risky capabilities, as documented in `references/*.md` and `snippets/validated-configs.md`, including direct shell execution (`exec`, `elevated.enabled`), filesystem access (`read`, `write`), configuration modification (`configWrites`), and the ability to import shell environment variables (`shellEnv.enabled`), which, while potentially legitimate for the platform's design, significantly expand the attack surface.
- External report
- View on VirusTotal