Skill v0.2.1

VirusTotal security

Dream · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:41 AM
Hash
4e3e305af6079202e998cacb2b4575755da438d7fb5d7549227050048e5af0d7
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: dream-memoryfilemanager
Version: 0.2.1

The skill's core purpose is benign, focusing on memory distillation and archiving. However, it is classified as 'suspicious' due to a critical design flaw: the `dream forget` command, described in `Skill.md` and `readme.md` as clearing entries 'without confirmation,' lacks an implementation in `dream-tools.sh`. This creates a significant prompt injection vulnerability, as the AI agent might attempt to directly execute shell commands (e.g., `rm`, `sed`) to fulfill the 'clear' instruction, potentially leading to arbitrary file deletion or modification based on a malicious user input.

Additionally, the `cmd_check_reemergence` function in `dream-tools.sh` uses regex derived from user content, posing a potential ReDoS (Regex Denial of Service) vulnerability.

No evidence of intentional data exfiltration, unauthorized network calls, or persistence mechanisms was found.