Back to skill
Skillv1.0.0
VirusTotal security
L6 Learning Accelerator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 22, 2026, 5:46 AM
- Hash
- 9484c19fa446e94bd05a48c958a70e5a82a360d0ece3db932bf8572a194969aa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: l6-learning-accelerator Version: 1.0.0 The skill provides legitimate learning acceleration and progress tracking features, but it contains a significant security vulnerability. Specifically, the `export_to_file` and `import_from_file` functions in `src/progress.js` perform file I/O operations using unsanitized file paths provided as arguments. This allows for potential path traversal attacks, where an agent could be manipulated into reading or overwriting arbitrary files on the host system. Additionally, `test/basic.test.js` contains a hardcoded absolute Windows file path, which is a poor practice although not directly malicious.
- External report
- View on VirusTotal