Back to skill
Skillv1.0.1
VirusTotal security
Lunar Reminder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:39 AM
- Hash
- 4627bbe9277fcd3758a3b95576254411348d64c41146ff4945a9c013d1a77e47
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lunar-reminder Version: 1.0.1 The skill implements lunar calendar reminders by instructing the agent to execute shell commands (`node -e` and `openclaw cron`) using string interpolation of user-provided inputs like event names and dates in SKILL.md. This pattern introduces a significant risk of shell injection vulnerabilities, as a user could provide a crafted event name to execute arbitrary commands. While the behavior aligns with the stated purpose and no clear evidence of malicious intent or data exfiltration was found, the reliance on unsafe command construction is a high-risk practice.
- External report
- View on VirusTotal