Back to skill
Skillv1.0.0
VirusTotal security
emotional-persona · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:15 AM
- Hash
- 4b33d2940bd8cee3f0de5ba152efcd606645847d9ea32b48c3d539704449d1f6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: emotional-persona Version: 1.0.0 The skill bundle provides a framework for AI agents to simulate emotional states and personality, which is benign in intent. However, the scripts `emotion_memory.sh` and `emotion_report.sh` contain critical command injection vulnerabilities where shell variables are interpolated directly into Python command strings (e.g., the `search` and `anchors` actions). While there is no evidence of intentional malice or data exfiltration, these flaws could be exploited to execute arbitrary code on the host system if an attacker can influence the input processed by the agent.
- External report
- View on VirusTotal