Back to skill
Skillv1.0.0
VirusTotal security
Client Project Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:52 AM
- Hash
- fa3e57d80054acb86d094e11adef86f0f76c792a759594740ee7f4e82b1d915d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: client-project-manager Version: 1.0.0 The skill bundle is classified as suspicious primarily due to the inclusion of 'Bash' in the `allowed-tools` list within `SKILL.md`. While the skill's instructions themselves describe a benign freelance business management system and do not explicitly direct the AI agent to perform malicious actions, the broad permission to execute arbitrary shell commands via `Bash` introduces a significant vulnerability. This capability is not clearly justified by the described functionality, which mainly involves local file operations and content generation, making it a potential attack surface for prompt injection leading to arbitrary code execution.
- External report
- View on VirusTotal