Back to skill
Skillv0.1.0
VirusTotal security
OpenClaw Workspace Doctor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:11 AM
- Hash
- 188c2422a56724e139cf748b2d57320af963041772ece1bf0c4a4a445caf4f58
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: transparent-heart-openclaw-workspace-doctor Version: 0.1.0 The skill bundle is classified as suspicious because it explicitly instructs the agent to modify configuration files outside the workspace (specifically `~/.openclaw/openclaw.json`) and utilizes risky path manipulation. The scripts `scripts/run_doctor.py` and `scripts/fix_openclaw_config.py` attempt to import code from directories three levels above the script's location (`parents[3]`), which is a potential sandbox escape or dependency on an external environment. Furthermore, `SKILL.md` contains a hardcoded absolute path to a specific user's directory (`/Users/xutao/`), suggesting it may be tailored for a specific target or environment rather than being a generic, safe tool.
- External report
- View on VirusTotal