Skill v1.0.0

VirusTotal security

Group Activation · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:41 AM
Hash
ce1a4cfa78c245f3f3cf5a10e3d52aaf8305afe0309567522ee1e08f758c7f99
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: group-activation
Version: 1.0.0

The `SKILL.md` file instructs the AI agent to perform high-risk actions based on user-controlled input. Specifically, it directs the agent to modify `openclaw.json` using `platform` and `group_id` derived from inbound message metadata, which could lead to configuration injection if these inputs are not properly sanitized. More critically, it instructs the agent to create a one-shot cron job with a duration parsed from the owner's message, posing a significant command injection or RCE vulnerability if the agent's cron job creation mechanism is insecure and allows user-controlled data to influence the executed command.