Skill v1.5.5
VirusTotal security
Moltmemory · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:32 AM
- Hash: 7e224f9bb3b402f5bbd9e6bb9b4af2d3ebf8bf58d3f948e40c9deb494a416756
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: moltmemory. Version: 1.5.5. The skill is classified as suspicious due to a significant supply chain vulnerability. The `moltbook.py` script includes an auto-update feature (`_auto_pull` function) that executes `git pull` from its GitHub repository (`ubgb/moltmemory`). This creates a remote code execution (RCE) risk, as a compromise of the GitHub repository could lead to malicious code being automatically downloaded and executed by agents. Additionally, the installation instructions in `SKILL.md` and `README.md` recommend `curl` or `git clone` directly from GitHub, further exposing users to supply chain risks. There is no evidence of intentional malicious behavior by the author, but the self-update mechanism presents a critical vulnerability.
