Skill v1.0.0

VirusTotal security

Maay · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:04 AM
Hash
b15e357f3526eac66c6913de661bbe022c1f50cfc718267475199de7032a1467
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: sss
Version: 1.0.0
The SKILL.md file instructs the AI agent to execute `source ~/.atxp/config` as part of its authentication flow. This command executes arbitrary shell commands from the specified file in the user's home directory. This is a critical arbitrary code execution vulnerability, as the content of `~/.atxp/config` could be controlled by an attacker (e.g., via a compromised `npx atxp login` package or prior system compromise), allowing the agent to execute malicious commands without explicit malicious intent in the provided skill definition.