Skill v1.1.0

VirusTotal security

War Room — Adversarial Decision Engine · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 5:00 AM
Hash
5fdee43bf9ce0a0ef5d367d533f8fc1875ef3d9fa434fe474eb71253b7c44285
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: iris-war-room
Version: 1.1.0
The skill is suspicious due to a critical shell injection vulnerability found in `references/prompts.md`. The `exec` command `cat > /tmp/rt_{topic}.md << 'DATA'\n{proposal_content}\nDATA` constructs a shell command using potentially unsanitized variables `{topic}` and `{proposal_content}`. This allows for arbitrary command execution if a malicious user provides specially crafted input, posing a remote code execution risk. While the stated purpose of writing a temporary file for token optimization is benign, the implementation method introduces a severe flaw.