Skill v1.0.3
VirusTotal security
研发经理助手 (R&D Manager Assistant) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review: May 1, 2026, 4:26 AM
- Hash: 079c0adea8a144868de3117c85729f362cc03d8f9324ad360ed2da97e1d86e8f
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: rdm-assistant
  - Version: 1.0.3

  The skill bundle is classified as suspicious due to several high-risk capabilities that, while plausibly needed for its stated purpose, introduce significant vulnerabilities if user input (via AI prompts) is not properly sanitized. Specifically, `tools/review-checklist.sh` and `tools/report-generator.py` allow writing arbitrary content to user-specified output paths, posing an arbitrary file write risk. Additionally, `tools/git-stats.sh` uses `cd "$REPO_PATH"` where `REPO_PATH` could be controlled by an attacker, leading to path traversal or potential shell injection if shell metacharacters are not escaped. The `SKILL.md` explicitly instructs the AI agent to execute these scripts, making them a direct attack surface. There is no evidence of intentional malicious behavior like data exfiltration or persistence.
