Back to skill
Skillv1.0.0
VirusTotal security
Failure Memory Log · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:52 AM
- Hash
- 7b983cf52717e879b29f43d6f3de7b77a722db9ab11e82bee1fb9aeb51ba8492
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: failure-memory-log Version: 1.0.0 The skill bundle is classified as suspicious due to a significant shell injection vulnerability identified in `SKILL.md`. The instruction for the agent to execute `grep -i "<keyword>" memory/failures.md` directly uses a potentially unsanitized `<keyword>` derived from agent/user input, allowing for arbitrary command execution. Additionally, the `bash scripts/init.sh [memory_dir]` instruction could also be vulnerable if the `[memory_dir]` parameter is not properly sanitized by the agent, potentially leading to path traversal or command injection. While the stated purpose of the skill is benign (logging failures), these vulnerabilities pose a high risk without clear malicious intent.
- External report
- View on VirusTotal