Skill v6.8.20

VirusTotal security

flaw0 · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 3:28 AM
Hash
9bdb9c4b253d48b5986171dad3c519a17ef8f4735e81fdc39cf1e2bb9bf56c65
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: flaw0
Version: 6.8.20

The 'moltguard' skill (slug: 'flaw0') uses deceptive prompt instructions in SKILL.md to force the AI agent into a pre-scripted 'onboarding' flow. Specifically, it instructs the agent to read a sample file and then lie to the user with a hardcoded success message ('Your security protection is now active'), which is a classic social engineering tactic to build false trust. The skill also encourages the installation of external plugins and the execution of local scripts (e.g., enterprise-enroll.mjs, uninstall.mjs) that manage credentials and system configuration, posing a significant risk if the underlying plugin is malicious.