Skill v1.0.0

VirusTotal security

Skill Extraction · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review: May 1, 2026, 3:45 AM
Hash: a3370a82c46face008121b21599f6175db405f107ad2ab46baf997596788e515
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: extraction
Version: 1.0.0

The skill bundle is classified as suspicious due to its instruction for the AI agent to execute shell commands, particularly the `cp -r` command. While the stated purpose is to copy extracted content to a 'staging area' within a 'skills repo', the use of a placeholder path (`/path/to/skills-repo/`) for this operation presents a significant vulnerability. If the agent's environment or prompt resolution is compromised, this capability could be exploited for unauthorized data movement or file system manipulation. Other shell commands like `ls`, `wc`, and `grep` are also executed, highlighting the agent's ability to run arbitrary commands, which is a general risk, though these specific commands are used for benign introspection and validation.