Skill v2.0.0

VirusTotal security

Graph Of Thoughts · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:43 AM
Hash
2662236d74f0174db046168e702094bb5ddf024b23c6fe5ad7713c13f94fd1f7
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: graph-of-thoughts
Version: 2.0.0

The skill bundle is classified as suspicious due to a potential Remote Code Execution (RCE) vulnerability. The `unified_wrapper.py` file dynamically loads the `graph_of_thoughts.py` (which is not provided) and passes the user-controlled `goal` (problem statement) directly to its `do`, `execute`, or `run` method. If the `graph_of_thoughts.py` implements these methods unsafely (e.g., using `os.system()` or `eval()` on the `goal`), it would lead to shell injection.

Additionally, the `SKILL.md` describes a conceptual `execute_and_verify(solution)` step where `solution` is an AI-generated output; if the agent interprets this step as direct code execution, it could also lead to RCE via prompt injection. While no explicit malicious code is present in the provided files, the architecture creates a high-risk vulnerability.