Back to skill
Skillv0.2.1
VirusTotal security
tf-plan-review · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:03 AM
- Hash
- 988fdfe2b283a88944a174925e19e48b69a48ea5f4c071be66d24f1af2bac8bb
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: tf-plan-review Version: 0.2.1 The skill is designed as a read-only Terraform plan analyzer. The `SKILL.md` explicitly instructs the AI agent with 'CRITICAL RULES' to NEVER run `terraform apply`, `destroy`, or any state-modifying commands, and to handle sensitive data carefully. The `scripts/tf-plan-review.sh` code adheres to these rules, using `set -euo pipefail`, consistently quoting paths to prevent shell injection, employing `jq --arg` for safe JSON interpolation, and running `terraform plan -out=/dev/null` to avoid writing plan files to disk. The `SECURITY.md` further reinforces these safety measures. There is no evidence of intentional malicious behavior, data exfiltration, or backdoors. The requested `exec` and `network` permissions are justified for its stated purpose of running Terraform commands and interacting with cloud provider APIs.
- External report
- View on VirusTotal