Back to skill
Skillv1.0.3
VirusTotal security
Wundervault Vault · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:21 PM
- Hash
- 986060aa26624dc700f72829f4eece79274935ef37a0bcb148688135cd348b1d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wundervault-vault Version: 1.0.3 The skill provides high-risk capabilities, specifically the `vault_exec` tool in SKILL.md, which allows an AI agent to execute shell commands with injected secrets. While the documentation claims to block shell escape sequences, the inherent risk of Remote Code Execution (RCE) and the management of sensitive credentials via an external, third-party MCP server (@wundervault/mcp-server) and a non-transparent, invite-only service (wundervault.com) pose significant security risks.
- External report
- View on VirusTotal