Back to skill
Skillv1.4.0
VirusTotal security
Alephnet Node · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:22 AM
- Hash
- 08eb5c069abb0c8536807860381dde4b7739dcc767e13bbc9ecaf9256ede7777
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: alephnet-node Version: 1.4.0 The OpenClaw AgentSkills bundle exhibits several high-risk capabilities, primarily the potential for Remote Code Execution (RCE) and broad system access. The `CodeRunner.run()` function in `lib/markdown.js` allows execution of arbitrary JavaScript code found in markdown blocks, which, if triggered by a malicious prompt, could lead to RCE. Similarly, the `execute_command` tool in `lib/tools.js` (exposed to the AI agent) permits arbitrary shell command execution, posing another RCE risk if input is not sufficiently sanitized. While the skill includes a `SafetyFilter` (`lib/learning/safety-filter.js`) to control file system and network access, and the `SKILL.md` itself contains no malicious instructions, these RCE vulnerabilities classify the bundle as 'suspicious' due to the inherent risks they present, even if not intentionally exploited within the provided context.
- External report
- View on VirusTotal