Skill v0.1.0

VirusTotal security

Claude Local Bridge · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 3:55 AM

Hash: d9cb88013e4dbcc8b6e8df2fde863825b35597757e7b5a97d2cb5d3e88c4da53
Source: palm
Verdict: suspicious
Code Insight

Type: OpenClaw Skill
Name: claude-local-bridge
Version: 0.1.0

The OpenClaw AgentSkills skill bundle is designed with strong security principles like sandboxing, explicit human approval for file access, and bearer token authentication for core file operations. However, it contains a critical vulnerability: the `/ws/approvals` WebSocket endpoint (in `app/routers/ws.py`) is not authenticated, allowing an attacker to bypass the human approval mechanism and approve/deny file access requests if the server is exposed publicly. Additionally, the FastAPI app uses `allow_origins=["*"]` for CORS, which is a vulnerability if deployed publicly without hardening. These flaws, while not indicative of intentional malice, represent significant security risks that could be exploited.