Back to skill
Skillv1.0.2
VirusTotal security
Context Cleaner (.md cleanup) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:00 AM
- Hash
- 7e89c4e1e5b12e47b6716ee6583e2ebbec842769efc7da62669002aae0f02450
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: context-cleaner Version: 1.0.2 The `context-cleaner` skill contains multiple critical shell injection vulnerabilities within its `SKILL.md` instructions. The AI agent is instructed to execute `bash` commands such as `ls`, `tar`, and `wc -l` where user-provided input (e.g., `AGENT_NAME`) is directly embedded into the command string without apparent sanitization. This flaw could allow a malicious user to inject arbitrary commands, leading to remote code execution (RCE) on the host system. While the skill's stated purpose is benign and includes safety measures like backups and user confirmation, the presence of these severe, exploitable vulnerabilities makes it highly suspicious.
- External report
- View on VirusTotal