Back to skill
Skillv0.0.5
VirusTotal security
Bug Reaper · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:18 AM
- Hash
- 60500d353999518922be57fd1598891ab028845898bcc2f6cdcb896754417c2f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bug-reaper Version: 0.0.5 The skill bundle is classified as 'suspicious' due to the extensive presence of detailed methodologies and examples for high-impact offensive security actions (e.g., RCE, data exfiltration, account takeover) within the agent's accessible knowledge base (`references/*.md`). These files contain explicit commands for OS interaction, network scanning, and references to sensitive file paths. Although the `SKILL.md` and `CHANGELOG.md` include strong, explicit instructions to the AI agent to *never execute commands autonomously* and to *always ask the user*, the inherent nature of this content creates a significant prompt injection vulnerability risk. If an attacker could bypass the agent's guardrails, these examples could be leveraged for malicious purposes, despite the apparent benign intent of the skill's developers.
- External report
- View on VirusTotal