Back to skill
Skillv1.0.2
VirusTotal security
gpu-cluster-monitor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:26 AM
- Hash
- bd2261bdeee21b903934f1abce4578abb41361d007915586cabdf41a8011664f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gpu-cluster-monitor Version: 1.0.2 The skill is classified as suspicious due to inherent security risks associated with its execution model and powerful capabilities, rather than explicit malicious intent. It utilizes Docker to run Playwright for 'deep web scraping' and 'penetrating protections,' which involves executing a browser with `--no-sandbox` and `--disable-setuid-sandbox` flags (in `assets/main_handler.js`), a known vulnerability risk for browser exploits. Furthermore, the `SKILL.md` instructs the agent to execute a `docker run` command with a user-provided `[TARGET_URL]`, which, if not properly sanitized by the OpenClaw agent, could lead to shell injection on the host machine. While the skill's code itself does not demonstrate malicious actions like data exfiltration or persistence, these vulnerabilities and the powerful nature of the scraping tool warrant a 'suspicious' classification.
- External report
- View on VirusTotal