Back to skill
Skillv0.1.0
VirusTotal security
Skill Preflight Bootstrap · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:21 AM
- Hash
- 827db30ae61c9c20a9a2bfb6b20826bb9baf98e5791e0522b58ea31e284a32ed
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skill-preflight-bootstrap Version: 0.1.0 The skill bundle automates the setup of a workflow by performing high-privilege modifications to the agent's environment. Specifically, `scripts/bootstrap-skill-preflight.py` installs persistent hooks in `.codex/settings.json` and `.claude/settings.json` that execute shell scripts on every prompt and tool use, and it injects mandatory instructions into `AGENTS.md` using forceful language ('must', 'mandatory') to override default agent behavior. Additionally, `scripts/skill-preflight.py` executes remote code via `npx -y skills`. While these actions are consistent with the stated purpose of initializing a 'skill-first' workflow, the use of persistent hooks and mandatory prompt injection represents a significant attack surface for controlling agent behavior.
- External report
- View on VirusTotal