Back to skill
Skillv0.2.2
VirusTotal security
Dream · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:41 AM
- Hash
- bda1d79badade669577f79c135488d601a81d8eeb568a7232b47ab5718203549
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: memory-file-manager-teman Version: 0.2.2 The skill bundle is classified as suspicious due to several vulnerabilities in `dream-tools.sh` that could be exploited via prompt injection against the AI agent. Specifically, `cmd_atomic_write` has a path traversal risk, `cmd_ledger_append` is vulnerable to markdown/JSON injection, `cmd_check_reemergence` is susceptible to regex injection, and `cmd_status` has a potential Python code execution risk. The `Skill.md` instructions for the AI to 'write directly' and 'forget' content based on user input create a significant prompt injection surface, allowing an attacker to potentially trigger these vulnerabilities, leading to unintended file modifications, data corruption, or denial of service. There is no clear evidence of intentional malicious behavior like data exfiltration or backdoors.
- External report
- View on VirusTotal