Back to skill
Skillv1.0.0
VirusTotal security
Epistemic Council · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:20 AM
- Hash
- 4a1e603d14fbc116ca8e2e1b19a44e23d9740a90c33045592cad6d50b131846c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: epistemic-council Version: 1.0.0 The skill is classified as suspicious due to its broad `shell: true` permission and the use of `subprocess.run` to execute other Python scripts, as well as the inherent prompt injection surface against the local LLM. While the implementation attempts to mitigate direct shell injection by using list-form arguments for `subprocess.run` (defaulting to `shell=False`), and network access is strictly `localhost_only` (preventing direct exfiltration), the power granted by `shell: true` remains a significant vulnerability risk. An attacker might exploit complex interactions or subtle flaws in argument parsing to achieve unauthorized execution or manipulate the LLM's reasoning, leading to compromised data integrity within the `epistemic.db` or `agent_learning.json` files.
- External report
- View on VirusTotal