Back to skill
Skillv1.1.0
VirusTotal security
Secretary Memory Hook · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 9:41 PM
- Hash
- 6ff43c770bf878e1e788783b9a982201d798db84bd0866a6e758f5c731a3aef3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: secretary-memory-hook Version: 1.1.0 The skill bundle implements a session memory hook that uses the 'child_process.exec' function in 'handler.ts' to execute local Python scripts. It passes the 'sessionKey' from event objects directly into shell commands without visible sanitization, creating a potential command injection vulnerability. While the behavior appears aligned with its stated purpose of session summarization and context loading, the use of shell execution on dynamic input is a high-risk pattern that warrants caution.
- External report
- View on VirusTotal