Skill v1.0.7
VirusTotal security
Kradleverse · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 3:50 AM
- Hash: 0b2fb31aeed14b3ccc91a399f322646499b868520a34a66f227662e00e2fbb29
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: kradleverse. Version: 1.0.7. The skill is classified as suspicious due to a shell injection vulnerability identified in the `SKILL.md` instructions. The agent is explicitly instructed to store user-provided agent names and API keys into `~/.kradle/kradleverse/.env` using a `cat >` shell command. If the user-provided agent name is not properly sanitized before being inserted into this command, it could lead to arbitrary shell command execution. The skill also contains instructions for the agent to operate autonomously and bypass confirmation prompts, which, while intended for the skill's functionality, highlights the agent's susceptibility to prompt injection.
