Skill v1.0.1
VirusTotal security
Curriculum Designer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:46 AM
- Hash: 03f72f1919dc7f5dd62ecbbcc3ba0e6cad142764e9aba0ac0a364dc0bbdbdbfd
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: curriculum-designer
  - Version: 1.0.1

  The `SKILL.md` contains instructions for the agent that pose significant security risks, classifying it as suspicious. Specifically, it explicitly instructs the agent to make generated Google Sheets publicly viewable (`gog drive share --to anyone --role reader`), which is a critical data exposure vulnerability. Additionally, it provides instructions for setting up a cron job using `find ... -exec rm -rf {} \;` for checkpoint cleanup, which, while intended for benign purposes, represents a potential Remote Code Execution (RCE) vulnerability if the command or its arguments could be manipulated via prompt injection. While the `curriculum-designer.sh` script currently does not implement the Google Sheet creation/sharing, the `SKILL.md` itself, as an attack surface, contains these high-risk instructions.
