Back to skill
Skillv0.0.1
VirusTotal security
Improve Skill Bespoke To CodeBase · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:53 AM
- Hash
- f8dd9c2cc59f6de4a8aec9712c4a4600980cbea422b6343f6aa3e239a99e7e17
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: improve-skill Version: 0.0.1 The skill is classified as suspicious due to its powerful meta-programming capabilities, which, while aligned with its stated purpose, introduce significant security risks. Specifically, the `SKILL.md` instructs the agent to read all project files and other skill definitions, and critically, to 'Edit the skill's SKILL.md with the approved changes' and 'Add or update supporting files if needed'. This ability to modify skill definitions and supporting files, along with the capacity to re-run other skills, creates a substantial attack surface. While there is no direct evidence of intentional malicious behavior (e.g., data exfiltration, persistence) within this skill's instructions, these capabilities could be leveraged by a malicious actor to inject harmful code into skills or the agent's operational logic if the 'approved changes' are compromised or the agent's interpretation is exploited.
- External report
- View on VirusTotal