Back to skill
Skillv1.0.0
VirusTotal security
Adversarial Review · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 25, 2026, 6:21 PM
- Hash
- 119f09e66979577144f576a3605d5607df280f909baa7f18eb1cbdd183a9e2f4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: adversarial-review Version: 1.0.0 The bundle contains a critical shell injection vulnerability in `scripts/cp-output.sh` due to the use of `eval` on the `$DESTINATION` argument, which allows arbitrary command execution if the path is influenced by an attacker. Additionally, `SKILL.md` contains 'self-triggering' instructions designed to override the agent's behavior and force the review loop on all substantial documents, a form of prompt injection. While the stated purpose of adversarial document review is legitimate, the combination of high-risk shell patterns and behavioral overrides warrants caution.
- External report
- View on VirusTotal