Back to skill
Skillv1.1.0
VirusTotal security
Skill Sandbox · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 4:00 AM
- Hash
- 3188a312a236c46487b4dea52a7671b0af2cf185149156834cafc1eadbd578b3
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: arc-skill-sandbox Version: 1.1.0 This skill bundle implements a security sandbox designed to monitor and analyze the behavior of other untrusted skills. All observed 'risky' capabilities, such as logging filesystem operations, environment variable access, network calls, and subprocess execution (in `scripts/sandbox.py`), are explicitly part of its stated purpose to detect malicious activity in *other* skills. The inclusion of fake credentials (e.g., `sk-fake-sandbox-key-do-not-use`) is a honeypot mechanism to test the sandboxed skill's intent, not an attempt to steal real credentials. The `SKILL.md` documentation clearly outlines its defensive purpose, and the code demonstrates robust isolation techniques (subprocess execution, sanitized environment) to prevent sandbox escapes. There is no evidence of intentional harmful behavior by this skill itself.
- External report
- View on VirusTotal