Skill v1.0.0
VirusTotal security
GoalGetter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:07 AM
- Hash: 3db8e8307b50b43d39ebc54985bcefcc92a1c27288c3d0a695714729acb35e0d
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: goalgetter. Version: 1.0.0. The `SKILL.md` file contains `bash` commands that directly append user-provided input (`$TEXT`, `$GOAL_NAME`) to local markdown files using `echo`. This implementation is vulnerable to shell injection, as an attacker could embed arbitrary shell commands within their input, potentially leading to Remote Code Execution (RCE) on the system running the OpenClaw agent. While this is a critical vulnerability, there is no evidence of intentional malicious behavior such as data exfiltration, persistence, or obfuscation within the provided files; the actions are consistent with the stated purpose of local task/goal management.
