Back to skill
Skillv0.1.0
VirusTotal security
Sre Engineer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:11 AM
- Hash
- 85663ac145389b9d700b919d8eab5f8de7763790f0d2dae9346f58372a16f372
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: sre-engineer Version: 0.1.0 The skill bundle is classified as suspicious due to the presence of risky capabilities, specifically the use of `subprocess.run` with `shell=True` for `kubectl` commands in `references/automation-toil.md`, which poses a command injection risk if the command string is derived from untrusted input. Additionally, `references/incident-chaos.md` demonstrates the execution of highly privileged and disruptive system commands (`tc`, `iptables`, `kubectl delete`) via `subprocess.run` for chaos engineering purposes. While these actions are plausibly needed for the stated SRE automation and chaos engineering objectives, they represent significant security risks if misused or executed in an uncontrolled environment, lacking clear malicious intent but demonstrating broad, powerful permissions.
- External report
- View on VirusTotal